Securing Communication with Event Data Store
When you install Event Data Store it comes with a pre-configured SSL certificate, and default keystore and trustore files. The keystore and truststore function as repositories for the storage of keys and certificates necessary for SSL authentication, encryption/decryption, and digital signing/verification services. You can find the default truststore and keystore files in the following locations:
Software AG_directory /EventDataStore/plugins/search-guard-2/sgconfig/kirk-keystore.jks
Software AG_directory /EventDataStore/plugins/search-guard-2/sgconfig/truststore.jks
For more information about how to enable or disable SSL for
Event Data Store, see
Enabling SSL for
Event Data Store and
Disabling SSL for
Event Data Store, respectively.
The Event Data Store is enabled for SSL through the Elasticsearch Search Guard plugin. The Search Guard plugin provides an sgadmin command line tool that you can use to customize your Search Guard configuration. To modify the Search Guard configuration of an SSL-enabled Event Data Store, you must authenticate the sgadmin tool with a .jks-based keystore and truststore. Run one of the following scripts to access the sgadmin tool:
For Linux -
Software AG_directory /EventDataStore/repo/search-guard-2/tools/sgadmin.sh.
For Windows -
Software AG_directory \EventDataStore\repo\search-guard-2\tools\sgadmin.bat.
If you use Event Data Store in a production environment, you should replace the Event Data Store default certificates, keystore and truststore files with custom files. For more information about creating keystores and truststores, importing keys and certificates into keystores and truststores, and other operations with these files, see the documentation for your certificate management tool.