Hello,
I am currently working on communication between Elasticsearch, FSCrawler and Kibana over an HTTPS channel. I am pretty much successful in it. For this, I used self-signed certificates and followed the documentation given on the home site of Elasticsearch.
The problem is that I am able to access the HTTPS service of Elasticsearch from a different workstation (let's say machine X) which is in the same network as the server, but machine X doesn't have the self-signed certificate that I used on the server machine. My doubt is how I am able to access the Elasticsearch service from machine X, since I don't have the self-signed certificate installed there. The whole purpose of HTTPS then goes in vain.
NOTE: I need to add an exception in the browser to access Elasticsearch's service, as it says the certificate is not trusted.
The whole purpose of HTTPS is to encrypt the traffic, which does not require you to have certificates on the client machines. If you want to do authentication using certificates you should look at configuring PKI.
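The client-certificate (PKI) setup this reply points to, as an added configuration sketch that is not part of the original thread. Setting names assume Elasticsearch 7.x or later; the file paths and the realm name `pki1` are placeholders.

```yaml
# elasticsearch.yml (added illustration; paths and realm name are placeholders)

# --- Server-side TLS only: traffic is encrypted, the node proves its identity ---
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/es-node.key
xpack.security.http.ssl.certificate: certs/es-node.crt

# With only the settings above, client_authentication defaults to "none":
# any machine that can reach host:port completes the TLS handshake, and a
# browser that does not trust the self-signed certificate merely shows a
# warning the user can click through.

# --- Mutual TLS: the client must also prove its identity ---
# "required" makes the node abort the handshake unless the client presents
# a certificate signed by one of the listed CAs.
xpack.security.http.ssl.client_authentication: required
xpack.security.http.ssl.certificate_authorities: [ "certs/client-ca.crt" ]

# PKI realm: authenticates the request as a user derived from the subject DN
# of the client certificate that passed the check above.
xpack.security.authc.realms.pki.pki1.order: 1
```

Each client gets its own certificate and private key issued by that CA, not a copy of the server's certificate. With `required`, every HTTP client of the node (Kibana and FSCrawler included) has to present one; `optional` requests a certificate but still lets clients that authenticate another way connect.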
Thanks for replying. Completely agreed with your statement, but my point is that anyone who knows the connection string, i.e. the host and port number where Elasticsearch is running, can access my data (from any terminal within the network). All I want is that only those terminals that have the same certificate as the server machine should have access.
Thanks again @Christian_Dahlqvist. How can I make sure that my traffic is encrypted? Is there any verification mechanism for the same? I still believe that the only thing that has changed is that, in the connection string, "http" is replaced with "https", and none of my traffic is encrypted.