How to enable user/password based authentication with https enabled?

Hi,
I very recently started evaluating this product. I am using ElasticSearch 2.2.0 and started by first installing the search-guard-ssl 2.2.0.5 plugin version. We already had a server certificate + key file + CA certificate available on our DEV server, generated from the company's internal CA. So I first created a p12 file storing both the server.ct and server.key files inside it. After this I converted the p12 file to a jks file so that both server.ct and server.key are stored inside the jks keystore file. This worked completely fine, and viewing the keystore details showed the expected result.
I updated the elasticsearch.yml file as advised in https://github.com/floragunncom/search-guard-ssl/blob/master/searchguard-ssl-config-template.yml with the correct location for both the server keystore and truststore. I enabled https rest (searchguard.ssl.http.enabled: true) with appropriate settings for the keystore and truststore. I started the server and it comes up fine. I accessed the node with http and the access is blocked, which is expected. I used HTTPS to access it (https://hostname:9200) and it works fine, showing the cluster details. Looking at the certificate returned by the server to the browser, the details look as expected.
My question is: how can I enforce some user/password based authentication to access the cluster, besides having https (rest) enabled? In the current state anyone in my firm can access the cluster through a browser, as the certificate is generated within the firm and trusted by the browsers triggering requests within the firm.

There are two plugins (one for ssl and one for authentication/authorization). The first one you have already installed; the second one is here: https://github.com/floragunncom/search-guard/tree/2.2 (it depends on the first one).

On Tuesday, 5 April 2016 at 18:30:58 UTC+2, Sumit Sengar wrote:

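Added example, not part of either post in this thread and not Search Guard code: a small check for the gap discussed above, where server-side TLS encrypts the connection but does not identify the caller. It assumes the node answers anonymous requests with HTTP 401 once authentication is enabled and accepts HTTP Basic credentials; the function names, the stub server and the `demo:secret` account are constructed for illustration.

```python
import base64, ssl, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def status(url, user=None, password=None, cafile=None):
    """GET url, optionally with Basic credentials, and return the HTTP status."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    # cafile: PEM bundle of the internal CA, used only for https:// URLs.
    ctx = ssl.create_default_context(cafile=cafile)
    # Talk to the node directly, ignoring any proxy set in the environment.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def auth_enforced(url, cafile=None):
    """True only if a request without credentials is refused with 401."""
    return status(url, cafile=cafile) == 401

def start_stub(require_auth):
    """Constructed stand-in for a node; optionally demands demo:secret."""
    expected = "Basic " + base64.b64encode(b"demo:secret").decode()
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = not require_auth or self.headers.get("Authorization") == expected
            self.send_response(200 if ok else 401)
            if not ok:
                self.send_header("WWW-Authenticate", 'Basic realm="stub"')
            self.end_headers()
            self.wfile.write(b"{}" if ok else b"")
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

if __name__ == "__main__":
    for require_auth in (False, True):  # before and after enabling authentication
        srv, url = start_stub(require_auth)
        print(require_auth, auth_enforced(url), status(url, "demo", "secret"))
        srv.shutdown()
```

Against a real node, pass the `https://` URL and the internal CA bundle as `cafile`; a result of `False` from `auth_enforced` means anyone who can reach the port can read the cluster.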