Securing Event Data Store
1. Shut down API Gateway.
2. Open SAG_Root/EventDataStore/bin/enable_ssl.bat/sh, comment out the last line (/plugins/search-guard-2/tools/sgadmin.bat/sh), and save the changes.
3. Copy sagconfig from SAG_Root/IntegrationServer/instances/Instance_Name/packages/WmAPIGateway/config/resources/elasticsearch to SAG_Root/EventDataStore.
4. Execute SAG_Root/EventDataStore/bin/enable_ssl.bat/sh.
5. Execute SAG_Root/EventDataStore/bin/shutdown.bat/sh to shut down Event Data Store.
6. Open SAG_Root/EventDataStore/config/elasticsearch.yml. Remove all properties that start with searchguard, and add the following properties.
searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: ../sagconfig/node-0-keystore.jks
searchguard.ssl.transport.keystore_alias: cn=node-0
searchguard.ssl.transport.keystore_password: a362fbcce236eb098973
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: ../sagconfig/truststore.jks
searchguard.ssl.transport.truststore_alias: root-ca-chain
searchguard.ssl.transport.truststore_password: 2c0820e69e7dd5356576
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enable_openssl_if_available: true

searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_type: JKS
searchguard.ssl.http.keystore_filepath: ../sagconfig/node-0-keystore.jks
searchguard.ssl.http.keystore_alias: cn=node-0
searchguard.ssl.http.keystore_password: a362fbcce236eb098973
searchguard.ssl.http.truststore_type: JKS
searchguard.ssl.http.truststore_filepath: ../sagconfig/truststore.jks
searchguard.ssl.http.truststore_alias: root-ca-chain
searchguard.ssl.http.truststore_password: 2c0820e69e7dd5356576
searchguard.ssl.http.clientauth_mode: OPTIONAL

searchguard.authcz.admin_dn:
- "CN=sgadmin"
7. Save the changes made to the file elasticsearch.yml.
8. Execute SAG_Root/EventDataStore/bin/startup.bat/sh to start Event Data Store.
9. Go to SAG_Root/EventDataStore/plugins/search-guard-2/tools and execute the following command:
sgadmin.bat -cd ..\..\..\sagconfig\ -ks ..\..\..\sagconfig\sgadmin-keystore.jks -kspass 49fc2492ebbcfa7cfc5e -ts ..\..\..\sagconfig\truststore.jks -tspass 2c0820e69e7dd5356576 -nhnv -p 9340 -cn SAG_EventDataStore
(-p is the TCP port and -cn is the cluster name. Use / for shell scripts.)
10. Execute SAG_Root/EventDataStore/bin/shutdown.bat/sh. This is required only if API Gateway is configured to start the Event Data Store on startup, which is the default configuration.
All TCP connections are now secured with two-way authentication, and HTTPS is enabled with basic authentication (no two-way authentication) for the credentials Administrator and manage, using the out-of-the-box self-signed certificates.
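The following is an added example, not Software AG code: a Python check to run against elasticsearch.yml after step 6. It reports searchguard properties that are missing, duplicated or left over from before the edit, and lists settings that still carry the values printed in this guide. The function name audit, the stale key searchguard.example.leftover and the sample file content are constructed for illustration.

```python
import re

# Property names from step 6 of this page.
STORE = ["keystore_type", "keystore_filepath", "keystore_alias", "keystore_password",
         "truststore_type", "truststore_filepath", "truststore_alias",
         "truststore_password"]
EXPECTED = {"searchguard.authcz.admin_dn"}
EXPECTED |= {"searchguard.ssl.transport." + k for k in STORE + [
    "enforce_hostname_verification", "resolve_hostname", "enable_openssl_if_available"]}
EXPECTED |= {"searchguard.ssl.http." + k for k in STORE + ["enabled", "clientauth_mode"]}

# Store passwords printed on this page (the out-of-the-box values).
DOCUMENTED_PASSWORDS = {"a362fbcce236eb098973", "2c0820e69e7dd5356576"}

# Matches top-level "searchguard.x.y: value"; commented or indented lines do not match.
LINE = re.compile(r"^(searchguard\.[\w.]+)\s*:\s*(.*?)\s*$")

def audit(yml_text):
    """Return sorted (key, finding) pairs for the searchguard.* lines of elasticsearch.yml."""
    findings, seen = set(), {}
    for line in yml_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key in seen:
            findings.add((key, "defined more than once"))
        seen[key] = value
        if key not in EXPECTED:
            findings.add((key, "not in the step 6 list; left over?"))
        if key.endswith("_password") and value in DOCUMENTED_PASSWORDS:
            findings.add((key, "password is the value printed in the guide"))
    for key in EXPECTED - set(seen):
        findings.add((key, "missing"))
    if seen.get("searchguard.ssl.http.enabled") == "false":
        findings.add(("searchguard.ssl.http.enabled", "TLS on the HTTP (REST) layer is off"))
    if seen.get("searchguard.ssl.transport.enforce_hostname_verification") == "false":
        findings.add(("searchguard.ssl.transport.enforce_hostname_verification",
                      "node certificates are not checked against hostnames"))
    return sorted(findings)

# Constructed sample: one stale key (hypothetical name), one operator-changed password.
SAMPLE = ("cluster.name: SAG_EventDataStore\n"
          "searchguard.example.leftover: true\n"
          "searchguard.ssl.transport.keystore_password: a362fbcce236eb098973\n"
          "searchguard.ssl.transport.enforce_hostname_verification: false\n"
          "searchguard.ssl.http.enabled: false\n"
          "searchguard.ssl.http.keystore_password: changed-by-operator\n"
          "# searchguard.ssl.http.clientauth_mode: OPTIONAL\n")
```

Calling audit(open("elasticsearch.yml").read()) on the edited file returns an empty list only when every step 6 property is present exactly once with values other than the ones shown on this page.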
Copyright © 2017 Software AG, Darmstadt, Germany.
