When we started building our Elasticsearch cluster we did not enable SSL.
Now the cluster has grown, security demands change a bit and we would like to enable SSL.
But we have a backwards compatibility issue.
It is impossible for us to change all Filebeats, Logstashes and data reading applications all at once to SSL.
So we would like to do this gradually, we are introducing new search and ingest nodes that will be purely SSL (ideally )
From documentation I can see:
Needs to be configured in elasticsearch.yml and
readonlyrest: ssl: keystore_file: "keystore.jks" keystore_pass: readonlyrest key_pass: readonlyrest
Needs to be configured in readonlyrest.yml.
But we have readonlyrest configured in the readonlyrest index.
We have readonlyrest enabled on all nodes.
But on the currently existing nodes we don’t want to enable SSL.
Should we put the readonlyrest ssl config in the index and just not put the ssl config in elasticsearch.yml on the existing nodes?
Would this cause any issues, is this supported?