Tuesday, April 24, 2012

Securing ElasticSearch for direct access via a Jetty plugin

  1. The elasticsearch-jetty plugin can be used to secure an ES instance for direct access.
  2. If the first wall you hit, happens to be a "gap" in Jetty know-how then refer to the following to get up to speed:
  3. Next, you may struggle with your wish for Jetty to be super-secure vs. how to make it happen:
  4. Getting a CA-signed cert is always such a pain so if you can re-purpose an existing one ... great!
    • Need to perform some transformations on the available keys & certs? You may refer to http://www.sslshopper.com/article-most-common-openssl-commands.html ... I found the following instructions provided there to be particularly useful:
      Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
      openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
      You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
    • Using Portecle (wrapped with Jar Bundler) or KeyStore Explorer works well too.


Post a Comment