For this AWS machine i have already opened the 9200 port.
If we now go to https//ipaddress:9200 which in our case is https://3.135.234.84:9200 we can see that we can access elasticsearch instance.
Let us now reset the password for the elasticsearch instance. Go to elasticsearch bin folder and use the command
elasticsearch-reset-password -u elastic --interactive
If we now go again to https://10.13.45:9200 and enter the credentials we can access elasticsearch instance. But we also get certificate warning.

On this AWS machine I have already configured to run javainuse and the godaddy DNS is pointing to this AWS machine IP address.
If we try to access the elasticsearch instance using the javinuse domain name - https://www.javainuse.com:9200 we again get the certificate warning.
Get Certificate from Comodo
We go to
Comodo Certificate Website and request the certificate by providing some details like CSR i.e. certificate signing request and after verifying the domain ownership.
Comodo has provided me with certificate named www_javainuse_com.p7b in p7b format.
I have imported this certificate in a keystore named elastic.jks which we will be making use of for configuring elasticsearch.
I have copied this elastic.jks to the /etc/elasticsearch folder.
Configure elasticsearch with javainuse certificate.
Go to elasticsearch.yml and configure it as follows-
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: elastic.jks
cluster.initial_master_nodes: ["ip-172-31-4-60.us-east-2.compute.internal"]
http.host: 0.0.0.0
Next we will need to remove unnecessary properties from the elasticsearch keystore.
Use the elasticsearch keystore list commands to list all the properties.
elasticsearch-keystore list

Next delete these properties using the elasticsearch keystore delete command.
elasticsearch-keystore remove xpack.security.http.ssl.keystore.secure_password
elasticsearch-keystore remove xpack.security.transport.ssl.keystore.secure_password
elasticsearch-keystore remove xpack.security.transport.ssl.truststore.secure_password

Also we will be adding the following property to the elasticsearch keystore for configuring the elastic.jks password.
elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

If we now go to https:www.javainuse.com:9200 we can access this elasticsearch instance.