Update cert guidelines (#5628)
* readd auth token doc Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Fix vale Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> 
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford 
<65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen 
Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Fix embedded command Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Blank lines after headings Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * change Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford 
<65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Style guidelines Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * update cert guidelines Signed-off-by: Stephen Crawford <steecraw@amazon.com> * remove line Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/configuration/generate-certificates.md Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --------- Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
This commit is contained in:
parent
72b3363460
commit
2eb2f40b05
|
@ -207,11 +207,13 @@ Then copy and paste the output into `opensearch.yml`.
|
||||||
This process generates many files, but these are the ones you need to add to each node:
|
This process generates many files, but these are the ones you need to add to each node:
|
||||||
|
|
||||||
- `root-ca.pem`
|
- `root-ca.pem`
|
||||||
- `admin.pem`
|
- (Optional) `admin.pem`
|
||||||
- `admin-key.pem`
|
- (Optional) `admin-key.pem`
|
||||||
- (Optional) `node1.pem`
|
- (Optional) `node1.pem`
|
||||||
- (Optional) `node1-key.pem`
|
- (Optional) `node1-key.pem`
|
||||||
|
|
||||||
|
For most users, the `admin.pem` and `admin-key.pem` files only need to be added to the nodes you plan to run the `securityadmin` script or reload certificates from. For information about how to use the `securityadmin` script, see [Applying changes to configuration files]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/). If you intend to run the `securityadmin` script directly from a node, that node will need to have a copy of `admin.pem` and `admin-key.pem` on it.
|
||||||
|
|
||||||
On one node, the security configuration portion of `opensearch.yml` might look like this:
|
On one node, the security configuration portion of `opensearch.yml` might look like this:
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
|
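Review bot: The lead-in "these are the ones you need to add to each node" no longer matches the list, because with `admin.pem` and `admin-key.pem` now marked (Optional), four of the five entries are optional and only `root-ca.pem` is left as required. Reword the lead-in, or state which files every node needs and which depend on the node's role. In the added paragraph, the last sentence ("If you intend to run the `securityadmin` script directly from a node, that node will need to have a copy of `admin.pem` and `admin-key.pem` on it") repeats the first, so one of them can go. "For most users" is also vague: say which setups need the admin certificate and key on every node. It would help to state the reason for the change as well, which appears to be keeping the admin private key off nodes that do not need it.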
@ -232,12 +234,6 @@ plugins.security.nodes_dn:
|
||||||
|
|
||||||
For more information about adding and using these certificates in your own setup, see [Configuring basic security settings]({{site.url}}{{site.baseurl}}/install-and-configure/install-opensearch/docker/#configuring-basic-security-settings) for Docker, [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security/configuration/tls/), and [Client certificate authentication]({{site.url}}{{site.baseurl}}/security/configuration/client-auth/).
|
For more information about adding and using these certificates in your own setup, see [Configuring basic security settings]({{site.url}}{{site.baseurl}}/install-and-configure/install-opensearch/docker/#configuring-basic-security-settings) for Docker, [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security/configuration/tls/), and [Client certificate authentication]({{site.url}}{{site.baseurl}}/security/configuration/client-auth/).
|
||||||
|
|
||||||
|
|
||||||
## Run securityadmin.sh
|
|
||||||
|
|
||||||
After configuring your certificates and starting OpenSearch, run `securityadmin.sh` to initialize the Security plugin. For information about how to use this script, see [Applying changes to configuration files]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/).
|
|
||||||
|
|
||||||
|
|
||||||
## OpenSearch Dashboards
|
## OpenSearch Dashboards
|
||||||
|
|
||||||
For information on using your root CA and a client certificate to enable TLS for OpenSearch Dashboards, see [Configure TLS for OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/).
|
For information on using your root CA and a client certificate to enable TLS for OpenSearch Dashboards, see [Configure TLS for OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/install-and-configure/install-dashboards/tls/).
|
||||||
|
|
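Review bot: Deleting the "Run securityadmin.sh" section removes the only instruction here that, after configuring certificates and starting OpenSearch, the script must be run "to initialize the Security plugin". The paragraph added in the previous hunk links to the same "Applying changes to configuration files" page, but only to explain where `admin.pem` and `admin-key.pem` are needed, so a reader following this page top to bottom no longer sees initialization as a step. If that step is still required, keep a one-sentence pointer after the "For more information about adding and using these certificates" paragraph. If it is not, say so in the commit message. Also check for links that target the removed heading.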