honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/shield/docs/public/getting-started/enable-message-authenticati...

22 lines
784 B
Plaintext
Raw Normal View History

Docs: Reorganized Shield TOC, renamed files, cleaned up hierarchy. Original commit: elastic/x-pack-elasticsearch@15caf307c4efe8419df943264d7d0812b88438b2
2015-07-15 13:02:11 -04:00
[[enable-message-authentication]]
=== Enable Message Authentication
Message authentication verifies that a message has not been tampered with or corrupted in transit.
To enable message authentication:
. Run the `syskeygen` tool from `ES_HOME` without any options:
+
[source, shell]
----------------
bin/shield/syskeygen
----------------
+
fix transport client documentation for 2.0 and add notes about file locations This also change ES_HOME/config -> CONFIG_DIR in the documentation to more accurately reflect the location of configuration files as they are not always in ES_HOME/config. Closes elastic/elasticsearch#455 Closes elastic/elasticsearch#432 Original commit: elastic/x-pack-elasticsearch@63ce35450c34e23accf4dc0d333ae2a89929404a
2015-08-19 12:31:52 -04:00
This creates a system key file in `CONFIG_DIR/shield/system_key`.
Docs: Reorganized Shield TOC, renamed files, cleaned up hierarchy. Original commit: elastic/x-pack-elasticsearch@15caf307c4efe8419df943264d7d0812b88438b2
2015-07-15 13:02:11 -04:00
. Copy the genererated system key to the rest of the nodes in the cluster.
IMPORTANT: The system key is a symmetric key, so the same key must be on every node in the cluster.
Now that you've enabled message authentication, you might also want to <<enable-auditing, Enable Auditing>> to keep track of attempted and successful interactions with your Elasticsearch cluster.