no, you can’t avoid the certificates for sgadmin.
First, sgadmin works on transport level, not HTTP level, that’s why a certificate is mandatory. Second, since changing the internal SG index poses a security thread to the cluster, we need to reliably identify who is trying to change the config.
We’re thinking about an admin role for SG6, but the requirement for providing the cert is most likely not going away in SG5.
If you just need a quick way of generating certificates, you can always use our TLS certificate generator on our website:
On Tuesday, May 30, 2017 at 3:11:04 PM UTC+2, Wenceslas des Deserts wrote:
I’m trying to setup SearchGuard on a cluster. Since it’s only for testing purposes, I would rather avoid having to set up TLS at client/http level. I understand that it’s mandatory at transport level.
When I try to use sgadmin.sh to load my configuration into Elasticsearch, the script always ask for certificates. My question is, since I do not have TLS at client level, why does the script need certificates ? Can I avoid providing them ?
Wenceslas des Déserts.