I keep getting this error (tried different settings) … just wanted to try a plain vanilla basic authentication w/o ssl
Step 1 - Installed the searchguard plug-in using the following command → bin/elasticsearch-plugin install -b com.floragunn:search-guard-5:5.2.2-11
Step 2 - Tried to start the cluster (version 5.2.2 - one node cluster), but got this error “searchguard.ssl.transport.keystore_filepath must be set if transport ssl is reqested”
Based on the support matrix that I found in the search-guard wiki, ssl support comes bundled for searchguard 5.2.2-11, so I’ve decided to explicitly disable ssl.
Grabbed these options from the searchguard-ssl-config-template.yml file and added them to elasticsearch-5.2.2/plugins/search-guard-5/sgconfig/elasticsearch.yml
Step 3 - added the following options to elasticsearch.yml
searchguard.ssl.transport.* settings are for the transport API (mainly used for inter-cluster communication, but also for sgadmin)
searchguard.ssl.http.* settings are for the REST API (used for applications, e.g. logstash, kibana, …) for which SSL/TLS can be disabled.
The elasticsearch.yml(.example) file in the sgconfig directory is just an example for the “real” elasticsearch config (usually in /etc/elasticsearch/elasticsearch.yml).
regards,
0x2a
···
On Sunday, April 9, 2017 at 4:53:28 PM UTC+2, Leo Selochnik wrote:
Hello,
I keep getting this error (tried different settings) … just wanted to try a plain vanilla basic authentication w/o ssl
Step 1 - Installed the searchguard plug-in using the following command → bin/elasticsearch-plugin install -b com.floragunn:search-guard-5:5.2.2-11
Step 2 - Tried to start the cluster (version 5.2.2 - one node cluster), but got this error “searchguard.ssl.transport.keystore_filepath must be set if transport ssl is reqested”
Based on the support matrix that I found in the search-guard wiki, ssl support comes bundled for searchguard 5.2.2-11, so I’ve decided to explicitly disable ssl.
Grabbed these options from the searchguard-ssl-config-template.yml file and added them to elasticsearch-5.2.2/plugins/search-guard-5/sgconfig/elasticsearch.yml
Step 3 - added the following options to elasticsearch.yml
0x2a is correct, you cannot disable TLS on the transport layer if you want to have authentication/authorisation.
We are in the course of updating the complete docs to make this more clear. In the meantime, you can use the tools mentioned by 0x2a to generate the certs.
As a side note: The next release of Search Guard will include a script to generate and install demo certificates on a vanilla ES installation. Release is planned for next week. Stay tuned!
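The rule from the replies above (transport TLS is mandatory, REST TLS is optional) as a pre-flight check over elasticsearch.yml settings. This is an added example, not part of the thread and not Search Guard's own code. It assumes flat "key: value" lines and that transport TLS defaults to on and HTTP TLS to off; the function names and the keystore file name are hypothetical.

```python
# Added example: pre-flight check of Search Guard TLS settings in elasticsearch.yml.
# Assumptions: flat "key: value" lines; transport TLS defaults to on and HTTP TLS
# to off when the "enabled" keys are absent.
T = "searchguard.ssl.transport."
H = "searchguard.ssl.http."

# Constructed sample: the attempt from the thread, TLS switched off everywhere.
NO_TLS = """\
searchguard.ssl.transport.enabled: false
searchguard.ssl.http.enabled: false
"""

# Constructed sample: transport TLS configured, REST TLS off.
TRANSPORT_ONLY = """\
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks  # placeholder
searchguard.ssl.http.enabled: false
"""

def parse_settings(text):
    """Parse flat 'key: value' lines, ignoring blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_true(settings, key, default):
    """Read a boolean setting, falling back to the assumed default."""
    return settings.get(key, default).lower() == "true"

def check(text):
    """Return (level, message) findings for the rules stated in the thread."""
    s = parse_settings(text)
    findings = []
    if not is_true(s, T + "enabled", "true"):
        findings.append(("ERROR", "transport TLS is disabled; Search Guard "
                         "cannot authenticate or authorise without it"))
    elif not s.get(T + "keystore_filepath"):
        findings.append(("ERROR", T + "keystore_filepath must be set"))
    if not is_true(s, H + "enabled", "false"):
        findings.append(("WARN", "REST TLS is off; HTTP Basic credentials "
                         "cross the network unencrypted"))
    return findings

if __name__ == "__main__":
    for name, sample in (("NO_TLS", NO_TLS), ("TRANSPORT_ONLY", TRANSPORT_ONLY)):
        print(name, check(sample))
```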