1、环境介绍
操作系统：centos 7.9
elasticsearch版本：7.13.3

2、生成es ca证书

bin/elasticsearch-certutil ca

注意：提示输入密码：输入Smtgbk_123(自定义，后面配置文件中用到)

3、生成p12秘钥

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

注意：提示输入密码：输入Smtgbk_123(自定义，后面配置文件中用到)

4、创建秘钥目录，并把秘钥放到里面

mkdir /data/elasticsearch/config/certs
mv /data/elasticsearch/elastic-* /data/elasticsearch/config/certs/

5、把certs目录及其秘钥分发到所有es节点
例子：

scp -r /data/elasticsearch/config/certs/ esmn02.wtown.com:/data/elasticsearch/config/

6、更改所有节点配置文件
添加如下内容：

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: Smtgbk_123
xpack.security.transport.ssl.truststore.password: Smtgbk_123

注意：
http.cors.enabled: true
http.cors.allow-origin: “*”
这两个参数之前配置过，注意不要重复

7、重启所有节点的es服务
查看进程号：

ps -ef | grep ela

杀死进程号：

kill -9 进程号

启动es服务：

/data/elasticsearch/bin/elasticsearch -d

8、设置密码

/data/elasticsearch/bin/elasticsearch-setup-passwords interactive

9、测试
已经提示输入密码

用户名：elastic
密码：第8步设置的密码