Wildcard for dns and ip in tlsconfig.yml

Elasticsearch Version: 5.6.15

Search Guard Version: 5.6.15-19.3

I was wondering if it was possible to use wildcards as part of the DNS/IP list in tlsconfig.yml.

Example:

nodes:
  - name: somenode
    dn: CN=somenode.onprem.com,OU=Ops,O=ES Ops,DC=somenode-onprem,DC=com
    dns:
    - blah-api
    - *-elasticsearch
    - es-*
    ip:
    - 100.107.65.*

No, as per spec wildcards in IP addresses are not allowed:

When the subjectAltName extension contains an iPAddress, the address MUST be stored in the octet string in “network byte order”, as specified in [RFC791]. The least significant bit (LSB) of each octet is the LSB of the corresponding byte in the network address. For IP version 4, as specified in [RFC791], the octet string MUST contain exactly four octets. For IP version 6, as specified in [RFC2460], the octet string MUST contain exactly sixteen octets.

(RFC 5280)
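The constraint quoted above, shown as an added example that is not part of the original thread and is not Search Guard code: an iPAddress SAN is a fixed 4- or 16-octet string, so each `ip` entry must parse to exactly one address. The function names and the sample list are constructed for illustration.

```python
import ipaddress

# GeneralName iPAddress is [7] IMPLICIT OCTET STRING: context-specific class,
# primitive, tag number 7 -> identifier octet 0x87.
IP_ADDRESS_TAG = 0x87


def encode_ip_san(value: str) -> bytes:
    """DER-encode one iPAddress GeneralName, or raise ValueError."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        raise ValueError(f"{value!r} is not a single IP address") from None
    octets = addr.packed  # network byte order: 4 octets (IPv4) or 16 (IPv6)
    return bytes([IP_ADDRESS_TAG, len(octets)]) + octets


def check_ip_list(entries):
    """Split an `ip:` list into encodable entries (with DER hex) and rejects."""
    encodable, rejected = {}, []
    for entry in entries:
        try:
            encodable[entry] = encode_ip_san(entry).hex()
        except ValueError:
            rejected.append(entry)
    return encodable, rejected


# Constructed sample: one entry from the question plus explicit addresses.
SAMPLE_IPS = ["100.107.65.12", "100.107.65.*", "100.107.65.0/24", "2001:db8::1"]

if __name__ == "__main__":
    ok, bad = check_ip_list(SAMPLE_IPS)
    for entry, der in ok.items():
        print(f"ok       {entry:<16} {der}")
    for entry in bad:
        print(f"rejected {entry}")
```

Wildcard and CIDR entries are rejected because the encoding has no octets left to carry a pattern or prefix length; every address a node answers on has to be listed explicitly.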
