Provide option to specify trust store path for internode SSL


This is being suggested due to possible maintenance overhead with the current internode SSL function.

Currently ROR uses the system’s default truststore for validating the internode SSL functionality for trusted connections. This needs the certificate to be added to the system’s default truststore location. However, on Windows the truststore is linked to the installed path - %JAVA_HOME%/lib/security/cacerts. So let’s say the users are using a JRE and have scheduled upgrades: the activity to add the certificate to the truststore will need to be repeated, as the new installation will happen in a new path (version-specific path). This looks like an unnecessary overhead.

In order to avoid this additional step, ROR should provide an option to specify the path of the truststore instead of trying to use the system default. This will be similar to the keystore file path/alias/password option. Only if these are not available should ROR default to the system default truststore.

On an additional note, for folks migrating from Searchguard SSL to ROR, this feature was already available. Even Elasticsearch’s native security via X-Pack provides a similar option to set the truststore path. So it would be good to have this version available in ROR as well.
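
The behaviour requested above, sketched as an added example that is not part of the original post and is not ROR's own code: use an explicitly configured truststore when one is given, and fall back to the JVM default only when none is configured. The class and method names are hypothetical, and Java 11 or later is assumed.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper, not ROR code.
public class InternodeTrust {

    // Explicit truststore if configured; JVM default (lib/security/cacerts) otherwise.
    static TrustManagerFactory trustManagers(Path truststore, char[] password) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (truststore == null) {
            tmf.init((KeyStore) null); // null selects the JVM default truststore
            return tmf;
        }
        // Fail closed: a configured but unreadable path must not silently
        // fall back to the much broader system CA set.
        if (!Files.isReadable(truststore)) {
            throw new IllegalStateException("Configured truststore not readable: " + truststore);
        }
        // Detects JKS or PKCS12 from the file contents and loads it.
        KeyStore ks = KeyStore.getInstance(truststore.toFile(), password);
        if (ks.size() == 0) {
            throw new IllegalStateException("Configured truststore is empty: " + truststore);
        }
        tmf.init(ks);
        return tmf;
    }

    // Trust side only; internode TLS would also pass key managers built from the node keystore.
    static SSLContext sslContext(Path truststore, char[] password) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers(truststore, password).getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java InternodeTrust.java [truststore-path [password]]
        Path path = args.length > 0 ? Path.of(args[0]) : null;
        char[] pass = args.length > 1 ? args[1].toCharArray() : null;
        X509TrustManager tm = (X509TrustManager) trustManagers(path, pass).getTrustManagers()[0];
        System.out.println((path == null ? "JVM default" : path.toString())
            + " -> trusted issuers: " + tm.getAcceptedIssuers().length);
        sslContext(path, pass); // confirms a context can be built from these trust managers
    }
}
```

Running it with and without a path shows the difference in scope: a dedicated file trusts only the cluster's own CA and sits outside the JRE install directory, so it survives upgrades.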


Great point @askids, we can definitely add this. Will add to Jira and update this later when done.

This is currently in progress, soon to be delivered. Targeting 1.19.0.

That’s great. Thanks for the update.