# 获取ES 的证书指纹
sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
sha256 Fingerprint=80:AF:64:DB:04:3E:12:EB:DA:11:C1:0F:70:04:2A:F9:13:06:A7:05:FD:CB:62:85:81:4A:84:B4:20:C7:34:A5

# kibana web创建的用户
admin
G7ZSKFM4AQwHQpwA



# Filebeat 
output.elasticsearch:
  hosts: ["https://49.51.33.153:9200"]
  username: "elastic"
  password: "-0NiIBOJGn2CATuPWzNc"

  # 用指纹验证（代替证书文件）
  ssl.verification_mode: "certificate"
  ssl.certificate_authorities: []   # 留空（不校验完整链）
  ssl.supported_protocols: [TLSv1.2, TLSv1.3]

  # 关键：指定 CA 指纹（必须全大写，无 0x，带冒号）
  ssl.ca_trusted_fingerprint: "80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5"





# python
from elasticsearch import Elasticsearch

es = Elasticsearch(
    hosts=["https://49.51.33.153:9200"],
    basic_auth=("elastic", "-0NiIBOJGn2CATuPWzNc"),
    # 指纹必须去掉冒号，全大写
    ssl_assert_fingerprint="80AF64DB043E12EBDA11C10F70042AF91306A705FD2CB6285814A84B420C734A5",
    verify_certs=True  # 必须为 True
)

print(es.info())