mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-09 14:34:43 +00:00
d0673b0cfb
This introduces the possibility to have all communications (transport and HTTP) to run over SSL. Original commit: elastic/x-pack-elasticsearch@c816a65f53
= Elasticsearch Security Plugin This plugins adds security features to elasticsearch == Access control == Encrypted communication using TLS/SSL === Configuration parameters ==== Transport protocol * `transport.tcp.ssl`: true|false (defaults to true) * `transport.tcp.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys) * `transport.tcp.ssl.keystore_password`: password of the keystore * `transport.tcp.ssl.keystore_algorithm`: keystore format (defaults to SunX509) * `transport.tcp.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys) * `transport.tcp.ssl.truststore_password`: password of the truststore * `transport.tcp.ssl.truststore_algorithm`: truststore format (defaults to SunX509) * `transport.tcp.ssl.client.auth`: true|false (defaults to true) * `transport.tcp.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA` ==== HTTP * `http.ssl`: true|false (defaults to true) * `http.ssl.keystore`: /path/to/the/keystore (absolute path to the keystore, which contains private keys) * `http.ssl.keystore_password`: password of the keystore * `http.ssl.keystore_algorithm`: keystore format (defaults to SunX509) * `http.ssl.truststore`: /path/to/the/truststore (absolute path to the truststore, which contains trusted keys) * `http.ssl.truststore_password`: password of the truststore * `http.ssl.truststore_algorithm`: truststore format (defaults to SunX509) * `http.ssl.client.auth`: true|false (defaults to true) * `http.ssl.ciphers`: Supported ciphers, defaults to `TLS_RSA_WITH_AES_128_CBC_SHA256` and `TLS_RSA_WITH_AES_128_CBC_SHA` == Generating certificates === Using self signed certificates per node === Using an own CA