- The elasticsearch-jetty plugin can be used to secure an ES instance for direct access.
- If the first wall you hit, happens to be a "gap" in Jetty know-how then refer to the following to get up to speed:
- 
  Next, you may struggle with your wish for Jetty to be super-secure vs. how to make it happen:
  - 
    http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
    - Sidebar: The required JAR files will be present in ES_HOME/plugins/jetty once you've setup elasticsearch-jetty.
 
- http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
- http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
 
- 
    http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
    
- 
  Getting a CA-signed cert is always such a pain so if you can re-purpose an existing one ... great!
  - 
    Need to perform some transformations on the available keys & certs? You may refer to http://www.sslshopper.com/article-most-common-openssl-commands.html ... I found the following instructions provided there to be particularly useful:
    Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM 
 openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
 You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
- Using Portecle (wrapped with Jar Bundler) or KeyStore Explorer works well too.
 
- 
    Need to perform some transformations on the available keys & certs? You may refer to http://www.sslshopper.com/article-most-common-openssl-commands.html ... I found the following instructions provided there to be particularly useful:
    
Tuesday, April 24, 2012
Securing ElasticSearch for direct access via a Jetty plugin
Labels:
jar,
jar bundler,
KeyStore Explorer,
mac,
Portecle
Subscribe to:
Post Comments (Atom)
 
0 comments:
Post a Comment