Using TransportClient with Search Guard

Hi,

I have managed to get the node-to-node encryption between ElasticSearch nodes using the standard instructions given in the documentation.

Is it possible to use the same certificates to get a TransportClient to connect to ElasticSearch? I continue to get an error about “unknown_certificate”. Does anyone have a good pointer to a set of instructions to get TransportClient to work?

Thanks and regards,

Sameer


======

  • Search Guard 6.2.2-22

  • Elasticsearch version 6.2.2

  • JVM version and operating system version - RHEL 7.4

  • Search Guard configuration

You could look at the code I wrote implementing the SG client mode in elasticsearch destination for syslog-ng:

Thanks Fabien for your pointer, I will look at ESTransportSearchGuardClient in this project and let you know.

Thanks and regards,

Sameer


On Tue, May 15, 2018 at 4:50 PM, Fabien Wernli swissunix@gmail.com wrote:

You could look at the code I wrote implementing the SG client mode in elasticsearch destination for syslog-ng:

https://github.com/balabit/syslog-ng/pull/1223/files


Hi Fabien,

Looks like these are the options you are using to access ElasticSearch enabled using SG. Does this work with PEM formats as well, or only PKCS12?

Also, have you tried with the native protocol, or with HTTP only? Is HTTP authentication required for TransportClient to work with SG, or can I have certificate-based encryption only? If possible, I would like to avoid using authentication for now.

java_keystore_filepath("")
java_keystore_password("")
java_truststore_filepath("")
java_truststore_password("")
java_ssl_insecure("false")
http_auth_type("none")
http_auth_type_basic_username("")
http_auth_type_basic_password("")

Thanks and regards,

Sameer


I think you’re misunderstanding the transport mode.
ES used to offer 3 different communication means for a client to communicate with a cluster.
These are node, transport and http.

The first two are more or less the same, and mean that your client will be part of the cluster to some extent. They are both deprecated, as far as clients are concerned. I’d strongly advise you to use HTTP!

For now, I have to try out with Transport, since changing that in my current project is not an option. Eventually, we will move, but not for now.

Regards,

Sameer


On Thu, May 24, 2018 at 4:13 PM, Fabien Wernli swissunix@gmail.com wrote:

I think you’re misunderstanding the transport mode.
ES used to offer 3 different communication means for a client to communicate with a cluster.
These are node, transport and http.

The first two are more or less the same, and mean that your client will be part of the cluster to some extent. They are both deprecated, as far as clients are concerned. I’d strongly advise you to use HTTP!


I think Java 8 supports PEM format, to answer your earlier question.