Running a demo with ES 6.4.0 i have a strange feeling about how is handled the setting
xpack.license.self_generated.type: basic in
My need is to have SSL (encryption in transit) and no certs authentication beetween nodes or clients.
Reeding the doc i would assume that this is not possible without a valid gold (at least subscription).
But when trying it and setting
xpack.license.self_generated.type: basic in order to limit the license to the basic subset it seems that the xpack.ssl.* setup are honored correctly.
openssl s_client -CAfile ./certs/ca.pem -showcerts -connect localhost:9300
SSL handshake has read 1388 bytes and written 194 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 5BACE946CA28B152230EBB34E80E8E0A4F836A965791D0C01214120964BEEBA0 Session-ID-ctx: Master-Key: 8FDDF779120F8C8FEAFA4769F962B342B5A91E2E8F91A847E416E0B3B0CDC55E92A98DA2C486C77687064E06EA5E79EC Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1538058566 Timeout : 300 (sec) Verify return code: 0 (ok) ---
curl --cacert certs/ca.pem -I https://localhost:9200:
HTTP/1.1 200 OK content-type: application/json; charset=UTF-8 content-length: 500
Any explanation to what i am missing here ?