Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: tribe-cert
Creation date: Jul 27, 2016
Entry type: trustedCertEntry
Owner: CN=elk-tribe.company.us, OU=IT, O=company, L=City, ST=State, C=ST
Issuer: C=US, O=company LLC, OU=companyIT, CN=company Server CA
Serial number: 5a8583f1c81654b6
Valid from: Wed Jul 27 08:21:58 MST 2016 until: Fri Jul 27 08:21:58 MST 2018
Certificate fingerprints:
MD5: E2:9B:26:00:ED:FD:66:DD:1C:6E:D5:BA:2F:08:ED:71
SHA1: 76:4E:5E:63:FB:88:93:99:EF:71:48:63:EE:AB:CC:0E:62:20:B7:D2
SHA256: 2C:A0:4C:E5:F4:E6:D4:8A:ED:68:4F:0A:7B:7D:8C:91:D8:B4:1E:43:71:0A:CF:AF:51:CD:38:21:AC:0C:F9:58
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
redacted ...<
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://redacted]
CRLIssuer:[C=US, O=company LLC, OU=companyIT, CN=company Server CA]
]]
#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
1.3.6.1.5.5.7.3.21
0.4.0.2231.3.0
]
#5: ObjectId: 2.5.29.46 Criticality=false
FreshestCRL [
[DistributionPoint:
[URIName: http://redacted
]]
#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: elk-tribe.company.us
IPAddress: 192.168.255.161
]
#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
redacted l...
]
]
Alias name: tribe-key
Creation date: Jul 27, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=elk-tribe.company.us, OU=IT, O=company, L=City, ST=State, C=ST
Issuer: CN=elk-tribe.company.us, OU=IT, O=company, L=City, ST=State, C=ST
Serial number: 26b233c6
Valid from: Wed Jul 27 08:23:32 MST 2016 until: Mon Jul 09 08:23:32 MST 2018
Certificate fingerprints:
MD5: B8:B9:A1:8E:C1:E0:9C:21:3D:FF:BF:6F:54:88:1C:2B
SHA1: A6:C6:28:FD:AD:9D:5F:BF:E6:8F:13:34:B8:7A:F8:58:C2:26:89:D7
SHA256: 8C:F3:3E:98:F0:94:FE:F9:01:BC:AF:49:C3:6D:DB:D2:5A:34:DF:AF:68:C0:46:69:32:81:23:72:36:83:80:70
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
Redated
]
]
Alias name: company_ca
Creation date: Jul 27, 2016
Entry type: trustedCertEntry
Owner: C=US, O=company LLC, OU=companyIT, CN=company Server CA
Issuer: C=US, O=company LLC, OU=companyIT, CN=company Server CA
Serial number: 4694d204c830a425
Valid from: Wed Dec 17 13:36:26 MST 2014 until: Sat Dec 17 13:36:26 MST 2044
Certificate fingerprints:
MD5: F0:CB:31:05:0E:05:86:3C:FA:E3:9A:61:CE:F1:B2:9F
SHA1: 2E:92:93:A7:10:AB:00:FB:1B:DF:BC:2C:FF:AA:89:CF:B6:DD:CF:68
SHA256: CA:8F:51:1D:0C:F1:CD:71:93:2A:13:D1:DD:FE:1A:CC:42:6E:F0:C3:1C:94:8E:2D:21:ED:1A:E0:09:F7:A5:26
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
redacted
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
redacted
]
shield.audit.enabled: true
shield.ssl.keystore.path: "/etc/elasticsearch/elktribe.jks"
shield.ssl.truststore.path: "/etc/elasticsearch/elktrust.jks"
shield.ssl.truststore.password: "redacted"
shield.ssl.keystore.password: "redacted"
shield.ssl.keystore.key_password: "redacted"
shield.transport.ssl: false
shield.http.ssl: true
shield.ssl.ciphers: TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
shield.ssl.hostname_verification.resolve_name: false
shield. authc:
realms:
file1:
type: file
order: 0
enable: true
files:
users: /etc/elasticsearch/shield/users
users_roles: /etc/elasticsearch/shield/users_roles
ldap1:
type: ldap
order: 1
enabled: false
url: 'url_to_ldap1'
ldap2:
type: ldap
order: 2
enabled: false
url: 'url_to_ldap2'