For diagnosing TLS errors I've tested “sgtlsdiag.sh” using the command
user@host:/path/to/search-guard-tlstool-1.5/tools> ./sgtlsdiag.sh -es /path/to/elasticsearch-6.2.4/config/elasticsearch.yml -v
All I got was:
Reading node config file /path/to/elasticsearch-6.2.4/config/elasticsearch.yml
Looking in the code at https://github.com/floragunncom/search-guard-tlstool/blob/master/src/main/java/com/floragunn/searchguard/tools/tlsdiag/SearchGuardTlsDiagnosis.java it looks like
the “Using Keystore and Truststore files” setup isn't supported by that tool, right?
If so, it would be helpful to get at least some output, just to notify the user that no analysis is possible because allCaFiles is empty.
Any other way to verify the current searchguard setup?