I’ve got a number of Elasticsearch clusters that I’d like to convert to using the ODfE plugins. I’m currently hung up on getting the ODfE Security plugin initialized. I’ve already got an LDAP infrastructure set up and have signed TLS certificates to utilize for the transport and REST layers. I’d like to avoid creating a local CA, or 7, just to sign 1 cert that I’m only going to use once to bootstrap things.
Is there an alternative to using certs or a Java keystore with securityadmin.sh?
I was thinking way too hard about the usage of the certs and not the actual nature of the certs.
I retrieved the subject name from the wildcard cert that I’m using for the REST and transport layers and set that as opendistro_security.authcz.admin_dn. Then I just used that wildcard cert and trust chain as inputs to securityadmin.sh.
My cluster is up and running now.
Welcome @reshippie - I moved this topic to the Security category. I think you’ll get better answers for that question there.