I have managed to get the node-to-node encryption between ElasticSearch nodes using the standard instructions given in the documentation.
Is it possible to use same certificates to get a TransportClient to connect to ElasticSearch? I continue to get an error about “unknown_certificate”. Does anyone have a good pointer to a set of instructions to get TransportClient to work?
Thanks and regards,
Sameer
···
======
Search Guard 6.2.2-22
Elasticsearch version 6.2.2
JVM version and operating system version - RHEL 7.4
Looks like these are the options you are using to access ElasticSearch enabled using SG. Does this work with PEM formats as well, or only PKCS12?
Also, have you tried with native protocol, or with HTTP only? Is HTTP authentication required for TransportClient to work with SG, or can I have certificate based encryption only? If possible, I would like to avoid using authentication for now.
I think you’re misunderstanding the transport mode.
ES used to offer 3 different communication means for a client to communicate with a cluster.
These are node, transport and http.
The first two are more or less the same, and mean that your client will be part of the cluster to some extent. They are both deprecated, as far as clients are
concerned. I’d strongly advise you to use HTTP!
I think you’re misunderstanding the transport mode.
ES used to offer 3 different communication means for a client to communicate with a cluster.
These are node, transport and http.
The first two are more or less the same, and mean that your client will be part of the cluster to some extent. They are both deprecated, as far as clients are
concerned. I’d strongly advise you to use HTTP!
–
You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.