Securing ElasticSearch for direct access via a Jetty plugin

1. The elasticsearch-jetty plugin can be used to secure an ES instance for direct access.
2. If the first wall you hit, happens to be a "gap" in Jetty know-how then refer to the following to get up to speed:
   • http://docs.codehaus.org/display/JETTY/Newbie+Guide+to+Jetty
   • http://wiki.eclipse.org/Jetty/Tutorial/Realms
   • http://wiki.eclipse.org/Jetty/Tutorial/Embedding_Jetty
   • http://docs.codehaus.org/display/JETTY/Walkthrough+jetty.xml
   • http://docs.codehaus.org/display/JETTY/Syntax+Reference
3. Next, you may struggle with your wish for Jetty to be super-secure vs. how to make it happen:
   • http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
     • Sidebar: The required JAR files will be present in ES_HOME/plugins/jetty once you've setup elasticsearch-jetty.
   • http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
   • http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
4. Getting a CA-signed cert is always such a pain so if you can re-purpose an existing one ... great!
   • Need to perform some transformations on the available keys & certs? You may refer to http://www.sslshopper.com/article-most-common-openssl-commands.html ... I found the following instructions provided there to be particularly useful:

     Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
     openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
     You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

   • Using Portecle (wrapped with Jar Bundler) or KeyStore Explorer works well too.