honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/docs/en/rest-api
History
Ioannis Kakavas 2c82b80b85
Support PKCS#11 tokens as keystores and truststores (#34063) 
This enables Elasticsearch to use the JVM-wide configured
PKCS#11 token as a keystore or a truststore for its TLS configuration.
The JVM is assumed to be configured accordingly with the appropriate
Security Provider implementation that supports PKCS#11 tokens.
For the PKCS#11 token to be used as a keystore or a truststore for an
SSLConfiguration, the .keystore.type or .truststore.type must be
explicitly set to pkcs11 in the configuration.
The fact that the PKCS#11 token configuration is JVM wide implies that
there is only one available keystore and truststore that can be used by TLS
configurations in Elasticsearch.
The PIN for the PKCS#11 token can be set as a truststore parameter in
Elasticsearch or as a JVM parameter ( -Djavax.net.ssl.trustStorePassword).

The basic goal of enabling PKCS#11 token support is to allow PKCS#11-NSS in
FIPS mode to be used as a FIPS 140-2 enabled Security Provider.
 		2018-10-04 10:51:58 +03:00
..
security Support PKCS#11 tokens as keystores and truststores (#34063) 2018-10-04 10:51:58 +03:00
watcher Docs: Fixed a grammatical mistake: 'a HTTP ...' -> 'an HTTP ...' (#33744) 2018-09-17 15:35:54 -04:00
security.asciidoc [DOCS] Add docs for Application Privileges (#32635) 2018-08-23 18:04:02 -07:00
watcher.asciidoc Migrate x-pack-elasticsearch source to elasticsearch 2018-04-20 15:29:54 -07:00