OpenSearch/README.asciidoc

= Elasticsearch Security Plugin

This plugins adds security features to elasticsearch

== Access control

== Encrypted communication using TLS/SSL

=== Configuration parameters

==== Transport protocol

* `transport.tcp.ssl`: true|false (defaults to true)
* `transport.tcp.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
* `transport.tcp.ssl.keystore_password`: password of the keystore
* `transport.tcp.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
* `transport.tcp.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
* `transport.tcp.ssl.truststore_password`: password of the truststore
* `transport.tcp.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
* `transport.tcp.ssl.client.auth`: true|false (defaults to true)
* `transport.tcp.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

==== HTTP

* `http.ssl`: true|false (defaults to true)
* `http.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
* `http.ssl.keystore_password`: password of the keystore
* `http.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
* `http.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
* `http.ssl.truststore_password`: password of the truststore
* `http.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
* `http.ssl.client.auth`: true|false (defaults to true)
* `http.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

== Generating certificates

=== Using self signed certificates per node

=== Using an own CA
Initial import Original commit: elastic/x-pack-elasticsearch@d85c3afaf4f0782efacc8bfd64827915fa57ca3e 2014-07-07 05:30:28 -04:00			`= Elasticsearch Security Plugin`

			`This plugins adds security features to elasticsearch`

			`== Access control`

Added SSL support in netty This introduces the possibility to have all communications (transport and HTTP) to run over SSL. Original commit: elastic/x-pack-elasticsearch@c816a65f53817e1e1207e63cfd207d9a8c78eaa0 2014-07-17 02:32:59 -04:00			`== Encrypted communication using TLS/SSL`

			`=== Configuration parameters`

			`==== Transport protocol`

			* `transport.tcp.ssl`: true\|false (defaults to true)
			* `transport.tcp.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
			* `transport.tcp.ssl.keystore_password`: password of the keystore
			* `transport.tcp.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
			* `transport.tcp.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
			* `transport.tcp.ssl.truststore_password`: password of the truststore
			* `transport.tcp.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
			* `transport.tcp.ssl.client.auth`: true\|false (defaults to true)
			* `transport.tcp.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

			`==== HTTP`

			* `http.ssl`: true\|false (defaults to true)
			* `http.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys)
			* `http.ssl.keystore_password`: password of the keystore
			* `http.ssl.keystore_algorithm`: keystore format (defaults to SunX509)
			* `http.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys)
			* `http.ssl.truststore_password`: password of the truststore
			* `http.ssl.truststore_algorithm`: truststore format (defaults to SunX509)
			* `http.ssl.client.auth`: true\|false (defaults to true)
			* `http.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA`

			`== Generating certificates`

			`=== Using self signed certificates per node`

			`=== Using an own CA`
Initial import Original commit: elastic/x-pack-elasticsearch@d85c3afaf4f0782efacc8bfd64827915fa57ca3e 2014-07-07 05:30:28 -04:00