How to implement REST layer SSL?

Hi everyone,

Now, I want to implement REST layer SSL (HTTPS) for connecting to Elasticsearch.

I created some files: SearchGuardKS.jdk, SearchGuardTK.jdk, SearchGuardKS.pem,… with Java keytool. Then, in the elasticsearch.yml file, I edited the following lines:

searchguard.ssl.transport.http.enabled: true
searchguard.ssl.transport.http.keystore_type: JKS
searchguard.ssl.transport.http.keystore_filepath: D:\keys\SearchguardKS.jks
searchguard.ssl.transport.http.keystore_password: changeit

searchguard.ssl.transport.http.enforce_clientauth: true
searchguard.ssl.transport.http.truststore_type: JKS
searchguard.ssl.transport.http.truststore_filepath: D:\keys\SearchguardTS.jks
searchguard.ssl.transport.http.truststore_password: changeit

After that, I can’t connect to Elasticsearch. I got this message:
"The connection to ‘localhost’ failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to localhost (for #152) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate Win32 (SChannel) Native Error Code: 0x80090327 ".

So I don’t know what to do next to implement REST layer SSL with Search-guard. Could you help me?

Thank you

I created key files with: http://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/index.html . Then I configured the elasticsearch.yml file as follows:

searchguard.ssl.transport.http.enabled: true
searchguard.ssl.transport.http.keystore_type: JKS
searchguard.ssl.transport.http.keystore_filepath: D:\keys\keystore.jks
searchguard.ssl.transport.http.keystore_password: changeit

searchguard.ssl.transport.http.enforce_clientauth: false
searchguard.ssl.transport.http.truststore_type: JKS
searchguard.ssl.transport.http.truststore_filepath: D:\keys\truststore.jks
searchguard.ssl.transport.http.truststore_password: changeit

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

HTTPS is working well.
But when I set:
searchguard.ssl.transport.http.enforce_clientauth: true
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.clientcert.HTTPSClientCertAuthenticator

I got the exception “javax.net.ssl.SSLHandshakeException: null cert chain”

On Wednesday, July 1, 2015 at 4:16:57 PM UTC+8, Truong Van Linh wrote:

Hi everyone,

Now, I want to implement REST layer SSL (HTTPS) for connecting to Elasticsearch.

I created some files: SearchGuardKS.jdk, SearchGuardTK.jdk, SearchGuardKS.pem,… with Java keytool. Then, in the elasticsearch.yml file, I edited the following lines:

searchguard.ssl.transport.http.enabled: true
searchguard.ssl.transport.http.keystore_type: JKS
searchguard.ssl.transport.http.keystore_filepath: D:\keys\SearchguardKS.jks
searchguard.ssl.transport.http.keystore_password: changeit

searchguard.ssl.transport.http.enforce_clientauth: true
searchguard.ssl.transport.http.truststore_type: JKS
searchguard.ssl.transport.http.truststore_filepath: D:\keys\SearchguardTS.jks
searchguard.ssl.transport.http.truststore_password: changeit

After that, I can’t connect to Elasticsearch. I got this message:
"The connection to ‘localhost’ failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to localhost (for #152) failed. System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate Win32 (SChannel) Native Error Code: 0x80090327 ".

So I don’t know what to do next to implement REST layer SSL with Search-guard. Could you help me?

Thank you

I always got the exception “javax.net.ssl.SSLHandshakeException: null cert chain”. Could you give me your complete Search Guard config? Thanks a lot.