Certificates deployment

In the installation guide, the Wazuh cert tool has been used to create certificates, but any other certificates creation method, for example using OpenSSL, can be used.

There are three kinds of certificates needed for the installation

  • root-ca: This certificate is the one in charge of signing the rest of the certificates.

  • node: The node certificates are the ones needed for every Elasticsearch node. They must include the node IP.

  • admin: The admin certificate is a client certificate with special privileges needed for management and security-related tasks.

These certificates are created with the following additional information:

  • C: US

  • L: California

  • O: Wazuh

  • OU: Docu

  • CN: Name of the node

To create the certificates, the instances.yml file must be configured replacing the <node-name> and <node-IP> values by the corresponding values:

# Elasticsearch nodes
- name: <node-name>
    - node-IP

# Wazuh server nodes
- name: <node-name>
    - node-IP

# Kibana node
- name: <node-name>
    - node-IP

Each node certificate will be named after the <node-name>. The <node-IP> can be either an IP address or a DNS name.

After configuring the instances.yml, the script can be run:

# bash ~/wazuh-cert-tool.sh

After running the script, the directory ~/certs will be created and will have the following content:

├── admin-key.pem
├── admin.pem
├── filebeat-key.pem
├── filebeat.pem
├── kibana-key.pem
├── kibana.pem
├── node-1-key.pem
├── node-1.pem
├── root-ca.key
└── root-ca.pem