API Gateway 11.1 | Administering API Gateway | Security Configuration | Securing API Gateway Communication using TLS | How do I Secure External Elasticsearch Store Communication using HTTPS?
 
How do I Secure External Elasticsearch Store Communication using HTTPS?
 
How do I Secure External Elasticsearch Communication using HTTPS with X-Pack?
How do I Secure External Elasticsearch Communication using HTTPS with ReadonlyREST Plugin?
Creating a Custom Keystore with Self-Signed Certificates
You can secure external Elasticsearch, one of the components in an API Management setup, to communicate securely over HTTPS. To secure external Elasticsearch, you can use the following security plugins:
*X-Pack. For details, see How do I Secure External Elasticsearch Communication using HTTPS with X-Pack?
*ReadonlyREST. For details, see How do I Secure External Elasticsearch Communication using HTTPS with ReadonlyREST Plugin?.
Both the plugins offer encryption, authentication, and authorization to protect data from attackers and other misuses. The plugins secure external Elasticsearch by exposing it over HTTPS, and enables basic authentication by configuring users.