Cyber security

Generating Keys And Packages – A Guide To Securing RedELK Server Communications

This step generates TLS key pairs. This is used for encrypting the filebeat traffic between redirectors/C2servers and the RedELK server.

It can be run on any unix based system. But it makes sense completely sense to run this from your dedicated RedELK system.

In Short

  1. modify ./certs/config.cnf
  2. run initial-setup.sh ./certs/config.cnf
  3. copy c2servers.tgz, redirs.tgz and elkserver.tgz to relevant systems

In Detail

Adjust ./certs/config.cnf to include the right details for 2 items: 1) the TLS certificates, and 2) the DNS/IP of your RedELK server.

  1. For the TLS certificate you need to modify the [req_distinguished_name] part. Change it to something that openssl accepts as correct TLS certificate information.
  2. For the DNS/IP info you need to modify the [alt_names] part. Its really important to have the right IP (IP.1) or DNS (DNS.1) name listed in that file! These need to point to either the IP or the DNS of your RedELK server. Otherwise your TLS setup will not function and Logstash will fail and crash miserably with cryptic errors in its log.

Once done, run: initial-setup.sh ./certs/config.cnf This will create a CA, generate necessary certificates for secure communication between redirs, C2-server and elkserver and generates a SSH keypair for secure rsync authentication of the elkserver to the C2server.

It also generates c2servers.tgz, redirs.tgz and elkserver.tgz that contain the installation packages for each component.

You need to copy these tgz files to the relevant systems (C2-servers, redirs en the system you will be using as the central RedELK node).

Rerunning this initial setup is only required if you want new TLS keys to be used. If such is the case, delete the ./certs/redelkCA.* and ./certs/elkserver.* files and rerun initial-setup.sh ./certs/config.cnf.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Best OSINT Tools for Investigating Corruption 2026: Public Records and Link Analysis

Corruption investigations need accuracy, patience, and strong evidence. In 2026, OSINT tools can help researchers,…

2 minutes ago

Best OSINT Tools for Private Investigators 2026: Legal People and Asset Research

Private investigators use OSINT to collect public information, verify identities, review business connections, check public…

20 minutes ago

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

11 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

DockerĀ is an open-source platform that lets you package and run applications inside containers. Each container…

22 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

23 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

23 hours ago