Basic understanding of "SSL Only Mode"


ppa...@gmail.com

Dec 15, 2018, 5:31:21 AM
to Search Guard Community Forum
Dear all,

I would like to get a basic understanding for the new "SSL Only Mode".

Regarding the configuration steps is it still necessary to "initialize" Search Guard via sgadmin when TLS and "SSL Only Mode" configuration is in place?

Would the following procedure be enough?
1. Disable shard allocation
2. Stop all nodes
3. Install the Search Guard plugin on all nodes
4. Generate certificates
5. Add the TLS and "SSL Only Mode" configuration to elasticsearch.yml
6. Restart Elasticsearch
7. Enable shard allocation
8. Done?

Thanks in advance and kind regards,
Daniel

SG

Dec 15, 2018, 9:28:28 AM
to search...@googlegroups.com
According to https://docs.search-guard.com/latest/search-guard-oem-ssl-only#ssl-only-mode, sgadmin is not relevant if the "ssl only mode" is enabled.

Regarding your procedure: What is the initial state of the cluster? No SG or full SG installed?
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a3c8f7a7-a51e-4775-839a-f9ed57d398cc%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

ppa...@gmail.com

Dec 15, 2018, 11:31:58 AM
to Search Guard Community Forum
Currently SG is fully installed and initialized. Might this lead to problems when I try enabling "SSL Only Mode"?

SG

Dec 15, 2018, 12:07:40 PM
to search...@googlegroups.com
What is your use case? Why do you want to "downgrade"?


ppa...@gmail.com

Dec 16, 2018, 2:05:37 AM
to Search Guard Community Forum
I'm pretty new to the ELK stack, and it's just an idea right now to keep the Elasticsearch backend and configuration as lean as possible and to simplify troubleshooting. Our frontend, by the way, is a Graylog cluster for centralized log management. At the same time I want to avoid MITM attacks and therefore use transport encryption. The actual access control should be secured by, let's say, iptables.

Would there be a searchguard index if "SSL Only Mode" is enabled, or, asked differently, could I simply delete the searchguard index after enabling it?

SG

Dec 17, 2018, 1:46:13 AM
to search...@googlegroups.com
There is no searchguard index in SSL only mode, and after enabling it you should really delete it.
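The answer above says the searchguard index has no purpose in SSL only mode and should be deleted once the mode is active; the procedure in the opening post also needs shard allocation re-enabled after the restart (step 7). The script below is an added example, not code from the thread or from the Search Guard project: it performs that final step and the cleanup, but refuses to delete the index unless every node actually reports SSL only mode, so a half-migrated cluster does not lose its live Search Guard configuration. It uses only standard Elasticsearch APIs (`_nodes/settings`, `_cluster/settings`, `_cluster/health`, `_cat/indices`, `DELETE <index>`); the setting name `searchguard.ssl_only` that it reads from each node is taken from the Search Guard documentation as an assumption. The sample responses are constructed, not captured from a real cluster.

```python
"""Finish a Search Guard "SSL only mode" switch: re-enable shard allocation and
delete the searchguard index, but only after verifying every node is in ssl_only mode.
Added example; assumes the node setting is named `searchguard.ssl_only`."""
import json
import os
import urllib.request


def http_transport(base_url):
    """Return send(method, path, body) that talks to a real cluster over HTTP(S)."""
    def send(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(base_url.rstrip("/") + path, data=data, method=method,
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else {}
    return send


def fake_transport(responses, log):
    """Offline stand-in: answers from a dict keyed by (method, path) and records every call."""
    def send(method, path, body=None):
        log.append((method, path, body))
        return responses[(method, path)]
    return send


def read_setting(settings, dotted):
    """Look a setting up in one _nodes/settings entry: flat key first, then nested path."""
    if dotted in settings:
        return settings[dotted]
    node = settings
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def nodes_not_in_ssl_only(send):
    """Names of nodes whose settings do not report searchguard.ssl_only = true."""
    info = send("GET", "/_nodes/settings")
    return sorted(n["name"] for n in info["nodes"].values()
                  if str(read_setting(n.get("settings", {}), "searchguard.ssl_only")).lower() != "true")


def set_allocation(send, mode):
    """Steps 1 and 7 of the procedure: "none" freezes shard allocation, "all" resumes it."""
    return send("PUT", "/_cluster/settings",
                {"persistent": {"cluster.routing.allocation.enable": mode}})


def finish_ssl_only_migration(send):
    """Run once the nodes are back with the new elasticsearch.yml.
    Aborts before changing anything if some node still runs full Search Guard,
    because that node still reads its configuration from the searchguard index."""
    pending = nodes_not_in_ssl_only(send)
    if pending:
        raise RuntimeError("nodes not in ssl_only mode: " + ", ".join(pending))
    set_allocation(send, "all")
    health = send("GET", "/_cluster/health")
    if health.get("status") == "red":
        raise RuntimeError("cluster health is red; leaving indices untouched")
    names = {row["index"] for row in send("GET", "/_cat/indices?format=json")}
    deleted = False
    if "searchguard" in names:
        send("DELETE", "/searchguard")
        deleted = True
    return {"health": health.get("status"), "searchguard_index_deleted": deleted}


# Constructed sample responses for an offline run (not captured from a real cluster).
SAMPLE_RESPONSES = {
    ("GET", "/_nodes/settings"): {"nodes": {
        "n1": {"name": "es-1", "settings": {"searchguard": {"ssl_only": "true"}}},
        "n2": {"name": "es-2", "settings": {"searchguard.ssl_only": "true"}},
    }},
    ("PUT", "/_cluster/settings"): {"acknowledged": True},
    ("GET", "/_cluster/health"): {"status": "green"},
    ("GET", "/_cat/indices?format=json"): [{"index": "graylog_0"}, {"index": "searchguard"}],
    ("DELETE", "/searchguard"): {"acknowledged": True},
}

if __name__ == "__main__":
    # Set ES_URL (e.g. https://es-1:9200) to run against a cluster; otherwise replay the sample.
    url = os.environ.get("ES_URL")
    log = []
    send = http_transport(url) if url else fake_transport(SAMPLE_RESPONSES, log)
    print(finish_ssl_only_migration(send))
    for call in log:
        print("offline call:", *call)
```

Without `ES_URL` the script replays the constructed responses and prints the calls it would have made, which is a cheap way to review the request sequence before pointing it at a cluster. If the HTTP layer of the cluster is also TLS-protected, `http_transport` needs a base URL beginning with `https://` and a trust store that contains the cluster's CA.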

ppa...@gmail.com

Dec 17, 2018, 10:56:38 AM
to Search Guard Community Forum
Thanks for your feedback. I have successfully "downgraded" today and also deleted the searchguard index.