Item | Description |
--- | --- |
TRANSPORT (2-way authentication is enabled by default) | |
searchguard.ssl.transport.keystore_type | Type of keystore. Possible values: JKS, PKCS12. Default value: JKS. |
searchguard.ssl.transport.keystore_filepath | Location where the keystore is stored. |
searchguard.ssl.transport.keystore_alias | Keystore entry name, if there is more than one entry. |
searchguard.ssl.transport.keystore_password | Password to access the keystore. |
searchguard.ssl.transport.truststore_type | Type of truststore. Possible values: JKS, PKCS12. Default value: JKS. |
searchguard.ssl.transport.truststore_filepath | Location where the truststore is stored. |
searchguard.ssl.transport.truststore_alias | Truststore entry name, if there is more than one entry. |
searchguard.ssl.transport.truststore_password | Password to access the truststore. |
searchguard.ssl.transport.enforce_hostname_verification | If true, the hostname mentioned in the certificate is validated. Set this to false if a general-purpose self-signed certificate is used. Possible values: true, false. Default value: true. |
searchguard.ssl.transport.resolve_hostname | Applicable only if enforce_hostname_verification is true. If true, the hostname is resolved against the DNS server. Set this to false if a general-purpose self-signed certificate is used. Possible values: true, false. Default value: true. |
searchguard.ssl.transport.enable_openssl_if_available | Use OpenSSL instead of JDK SSL if it is available. Possible values: true, false. Default value: true. |
HTTP | |
searchguard.ssl.http.enabled | Set this to true to enable SSL for the REST interface (HTTP). Possible values: true, false. Default value: true. |
searchguard.ssl.http.keystore_type | Type of keystore. Possible values: JKS, PKCS12. Default value: JKS. |
searchguard.ssl.http.keystore_filepath | Location where the keystore is stored. |
searchguard.ssl.http.keystore_alias | Keystore entry name, if there is more than one entry. |
searchguard.ssl.http.keystore_password | Password to access the keystore. |
searchguard.ssl.http.truststore_type | Type of truststore. Possible values: JKS, PKCS12. Default value: JKS. |
searchguard.ssl.http.truststore_filepath | Location where the truststore is stored. |
searchguard.ssl.http.truststore_alias | Truststore entry name, if there is more than one entry. |
searchguard.ssl.http.truststore_password | Password to access the truststore. |
searchguard.ssl.http.clientauth_mode | Option to enable 2-way authentication. REQUIRE: a client certificate is required. OPTIONAL: a client certificate may be presented but is not required. NONE: the client certificate is ignored even if it is available. Possible values: REQUIRE, OPTIONAL, NONE. Default value: OPTIONAL. |
Search Guard Admin | |
searchguard.authcz.admin_dn | Search Guard maintains all its data in an index called searchguard. This index is accessible only to the users configured here (the client certificate is passed in the sgadmin command). |
Miscellaneous | |
searchguard.cert.oid | All certificates used by the nodes on the transport level should have the oid field set to a specific value. Search Guard checks this oid value to identify whether an incoming request comes from a trusted node in the cluster. If yes, all actions are allowed. If no, privilege checks apply. The oid is also checked whenever a node wants to join the cluster. Default value: '1.2.3.4.5.5'. |

Item | Description |
--- | --- |
searchguard.ssl.transport.enabled | Indicates whether the client should use secure transport. Possible values: true, false. Default value: true. |

Item | Description |
--- | --- |
elasticsearch.username | Username to be used if basic authentication is enabled. |
elasticsearch.ssl.verify | Disable all SSL checks, including hostname and certificate validation. Set this to true if general-purpose self-signed certificates are used. Possible values: true, false. Default value: true. |
elasticsearch.ssl.cert | Path of the client certificate to be sent to Elasticsearch. This is required if 2-way authentication is enabled. |
elasticsearch.ssl.ca | If elasticsearch.ssl.verify is true, this is the path to the CA certificate used to sign the other certificates. |
elasticsearch.password | Password to be used if basic authentication is enabled. |
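
An added example (not code from Search Guard or from this page) that reads a flat `key: value` configuration and reports where the TLS defaults listed in the first table have been relaxed, skipping a property when the table says it does not apply. The function names, the finding texts and the sample configuration are assumptions made for illustration.

```python
T = "searchguard.ssl.transport."
H = "searchguard.ssl.http."
DEFAULTS = {  # added example; default values as stated in the first table
    T + "enforce_hostname_verification": "true",
    T + "resolve_hostname": "true",
    H + "enabled": "true",
    H + "clientauth_mode": "OPTIONAL",
}

def parse_flat_config(text):
    """Assumption: one 'dotted.key: value' setting per line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def audit(text):
    """Return sorted (property, finding) pairs for the effective configuration."""
    cfg = {k: v.lower() for k, v in {**DEFAULTS, **parse_flat_config(text)}.items()}
    findings = []
    if cfg[T + "enforce_hostname_verification"] != "true":
        findings.append((T + "enforce_hostname_verification",
                         "hostname in node certificates is not validated"))
    elif cfg[T + "resolve_hostname"] != "true":
        # resolve_hostname applies only while hostname verification is on
        findings.append((T + "resolve_hostname",
                         "certificate hostname is not resolved against DNS"))
    if cfg[H + "enabled"] != "true":
        findings.append((H + "enabled", "REST interface is served without SSL"))
    elif cfg[H + "clientauth_mode"] == "none":
        # clientauth_mode only matters while SSL is enabled for HTTP
        findings.append((H + "clientauth_mode",
                         "client certificates are ignored on the REST interface"))
    return sorted(findings)

# Constructed sample configuration; the keystore file name is a placeholder.
SAMPLE = """\
searchguard.ssl.transport.keystore_filepath: node-keystore.jks
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.clientauth_mode: NONE
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Properties that are absent from the file are evaluated at the default the table gives, so an empty configuration produces no findings.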