When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version 6.0.0
-
Installed and used enterprise modules, if any No
-
JVM version and operating system version
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any
Hi,
I have installed searchguard 6.0.0 and GUI working successfully. But from java side I am using transport client I have used PKI script and generated certificates.
I am using spock certificate but it is giving access to all indices. Not working as user wise roles and permissions.
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_PEMCERT_FILEPATH,“C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\spock.crtfull.pem”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_PEMKEY_FILEPATH, “C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\spock.key.pem”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH, “C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\root-ca.pem”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, “false”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED, “true”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED, “true”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_PEMCERT_FILEPATH, “C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\spock.crtfull.pem”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_PEMKEY_FILEPATH, “C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\spock.key.pem”)
.put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, “C:\Users\c-kanchanka\Desktop\new_search_guard_file_pki\root-ca.pem”)
and in elastisearch.yml file I have written below entry.
searchguard.ssl.transport.pemcert_filepath: spock.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: spock.key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
- CN=spock,OU=client,O=client,L=Test,C=DE
Please provide solution to restrict access to all indices.
Thanks,
Ajit