Property and description |
TRANSPORT ( 2-way authentication is enabled by default) |
searchguard.ssl.transport.keystore_type Type of keystore. Possible values: JKS, PKCS12 Default value: JKS |
searchguard.ssl.transport.keystore_filepath Location of the keystore. |
searchguard.ssl.transport.keystore_alias Keystore entry name if there are more than one entries. |
searchguard.ssl.transport.keystore_password Password to access keystore. |
searchguard.ssl.transport.truststore_type Type of truststore. Possible values: JKS, PKCS12 Default value: JKS |
searchguard.ssl.transport.truststore_filepath Location of the truststore. |
searchguard.ssl.transport.truststore_alias Truststore entry name if there are more than one entries. |
searchguard.ssl.transport.truststore_password Password to access truststore. |
searchguard.ssl.transport.enforce_hostname_verification If true, the hostname mentioned in certificate is validated. Set this as false if you are using the general purpose self signed certificates. Possible values: true, false Default value: true |
searchguard.ssl.transport.resolve_hostname If true, the hostname is resolved against the DNS server. Set this as false if you are using general purpose self signed certificates. Note: This is applicable only if the property searchguard.ssl.transport.enforce_hostname_verification is true. Possible values: true, false Default value: true |
searchguard.ssl.transport.enable_openssl_if_available Use if OpenSSL is available instead of JDK SSL. Possible values: true, false Default value: true |
HTTP |
searchguard.ssl.http.enabled Set this to true to enable SSL for a REST interface ( HTTP). Possible values: true, false Default value: true |
searchguard.ssl.http.keystore_type Type of keystore. Possible values: JKS, PKCS12 Default value: JKS |
searchguard.ssl.http.keystore_filepath Location of the keystore. |
searchguard.ssl.http.keystore_alias Keystore entry name if there are more than one entries. |
searchguard.ssl.http.keystore_password Password to access keystore. |
searchguard.ssl.http.truststore_type Type of truststore. Possible values: JKS, PKCS12 Default value: JKS |
searchguard.ssl.http.truststore_filepath Location of the truststore. |
searchguard.ssl.http.truststore_alias Truststore entry name if there are more than one entries. |
searchguard.ssl.http.truststore_password Password to access truststore. |
searchguard.ssl.http.clientauth_mode Option to enable two-way authentication. Possible values: REQUIRE : Requests for the client certificate. OPTIONAL : Used if client certificate is available. NONE : Ignores client certificate even if it is available. Default value: OPTIONAL |
Search Guard Admin |
searchguard.authcz.admin_dn Search Guard maintains all the data in the index searchguard. This is accessible to only users ( client certificate passed in sdadmin command) configured here. |
searchguard.cert.oid All certificates used by the nodes at the transport level need to have the oid field set to a specific value. Search Guard checks this oid value to identify if an incoming request comes from a trusted node in the cluster or not. In the former case, all actions are allowed. In the latter case, privilege checks apply. Additionally, the oid is also checked whenever a node wants to join the cluster. Default value: '1.2.3.4.5.5' |
searchguard.config_index_name Index where all the security configuration is stored. Currently, non-configurable. Default value: searchguard |