Search Guard Properties
Property and description
TRANSPORT (2-way authentication is enabled by default)
searchguard.ssl.transport.keystore_type
Type of keystore.
Possible values: JKS, PKCS12
Default value: JKS
searchguard.ssl.transport.keystore_filepath
Location of the keystore.
searchguard.ssl.transport.keystore_alias
Keystore entry name, if there is more than one entry.
searchguard.ssl.transport.keystore_password
Password to access keystore.
searchguard.ssl.transport.truststore_type
Type of truststore.
Possible values: JKS, PKCS12
Default value: JKS
searchguard.ssl.transport.truststore_filepath
Location of the truststore.
searchguard.ssl.transport.truststore_alias
Truststore entry name, if there is more than one entry.
searchguard.ssl.transport.truststore_password
Password to access truststore.
searchguard.ssl.transport.enforce_hostname_verification
If true, the hostname mentioned in the certificate is validated. Set this to false if you are using general-purpose self-signed certificates.
Possible values: true, false
Default value: true
searchguard.ssl.transport.resolve_hostname
If true, the hostname is resolved against the DNS server. Set this to false if you are using general-purpose self-signed certificates.
Note:
This is applicable only if the property searchguard.ssl.transport.enforce_hostname_verification is true.
Possible values: true, false
Default value: true
searchguard.ssl.transport.enable_openssl_if_available
If true, OpenSSL is used instead of JDK SSL when it is available.
Possible values: true, false
Default value: true
HTTP
searchguard.ssl.http.enabled
Set this to true to enable SSL for the REST interface (HTTP).
Possible values: true, false
Default value: true
searchguard.ssl.http.keystore_type
Type of keystore.
Possible values: JKS, PKCS12
Default value: JKS
searchguard.ssl.http.keystore_filepath
Location of the keystore.
searchguard.ssl.http.keystore_alias
Keystore entry name, if there is more than one entry.
searchguard.ssl.http.keystore_password
Password to access keystore.
searchguard.ssl.http.truststore_type
Type of truststore.
Possible values: JKS, PKCS12
Default value: JKS
searchguard.ssl.http.truststore_filepath
Location of the truststore.
searchguard.ssl.http.truststore_alias
Truststore entry name, if there is more than one entry.
searchguard.ssl.http.truststore_password
Password to access truststore.
searchguard.ssl.http.clientauth_mode
Option to enable two-way authentication.
Possible values:
* REQUIRE: Requests the client certificate.
* OPTIONAL: Uses the client certificate if it is available.
* NONE: Ignores the client certificate even if it is available.
Default value: OPTIONAL
Search Guard Admin
searchguard.authcz.admin_dn
Search Guard maintains all its data in the searchguard index. This index is accessible only to the users configured here (identified by the client certificate passed in the sgadmin command).
Miscellaneous
searchguard.cert.oid
All certificates used by the nodes at the transport level need to have the oid field set to a specific value. Search Guard checks this oid value to identify if an incoming request comes from a trusted node in the cluster or not. In the former case, all actions are allowed. In the latter case, privilege checks apply. Additionally, the oid is also checked whenever a node wants to join the cluster.
Default value: '1.2.3.4.5.5'
searchguard.config_index_name
Index where all the security configuration is stored. Currently not configurable.
Default value: searchguard
searchguard.enable_snapshot_restore_privilege, searchguard.check_snapshot_restore_write_privileges
Enables user privileges, which a user requires to perform snapshot and restore operations.
searchguard.enterprise_modules_enabled
Specifies the license type. If you are using a trial version, set the property to false.
searchguard.restapi.roles_enabled
Specifies which Search Guard roles can access the REST Management API to perform changes to the configuration.
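
The following is an added example, not part of the product documentation: a Python check that compares TRANSPORT and HTTP settings against the possible and default values listed above and reports invalid or weakened ones. It assumes the properties are stored as flat `key: value` lines; the sample input, function names and finding texts are constructed for illustration.

```python
P = "searchguard.ssl."
BOOL, STORE = {"true", "false"}, {"JKS", "PKCS12"}
# property suffix -> (possible values, default value), as listed on this page
SPEC = {
    "transport.keystore_type": (STORE, "JKS"),
    "transport.truststore_type": (STORE, "JKS"),
    "transport.enforce_hostname_verification": (BOOL, "true"),
    "transport.resolve_hostname": (BOOL, "true"),
    "http.enabled": (BOOL, "true"),
    "http.keystore_type": (STORE, "JKS"),
    "http.truststore_type": (STORE, "JKS"),
    "http.clientauth_mode": ({"REQUIRE", "OPTIONAL", "NONE"}, "OPTIONAL"),
}
# Constructed sample input (assumed flat "key: value" layout), not from the page
SAMPLE = """\
searchguard.ssl.transport.keystore_type: PKCS12
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.clientauth_mode: NONE
searchguard.ssl.http.truststore_type: PEM
"""

def parse(text):
    """Read flat 'key: value' lines, skipping blank lines and # comments."""
    pairs = (l.split(":", 1) for l in text.splitlines()
             if ":" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}

def audit(text):
    """Return (property, finding) tuples for invalid or weakened settings."""
    props, eff, out = parse(text), {}, []
    for name, (allowed, default) in SPEC.items():
        eff[name] = value = props.get(P + name, default)  # unset -> default
        if value not in allowed:
            out.append((P + name, f"invalid value {value!r}"))
    if eff["transport.enforce_hostname_verification"] == "false":
        out.append((P + "transport.enforce_hostname_verification",
                    "certificate hostname is not validated"))
        if P + "transport.resolve_hostname" in props:
            out.append((P + "transport.resolve_hostname",
                        "ignored while hostname verification is false"))
    if eff["http.enabled"] == "false":
        out.append((P + "http.enabled", "REST interface runs without SSL"))
    elif eff["http.clientauth_mode"] != "REQUIRE":
        out.append((P + "http.clientauth_mode", "client certificate not required"))
    return out

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{prop}: {finding}")
```

With no properties set, the only finding is the default OPTIONAL client authentication mode.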