This is being suggested due to possible maintenance overhead with the current internode SSL function.
Currently ROR uses the system’s default truststore for validating the internode SSL functionality for trusted connections. This needs the certificate to be added to the system’s default truststore location. However, on Windows the truststore is linked to the installed path - %JAVA_HOME%/lib/security/cacerts. So let’s say the users are using a JRE and have scheduled upgrades: the activity to add the certificate to the truststore will need to be repeated, as the new installation will happen in a new path (version-specific path). This looks like an unnecessary overhead.
In order to avoid this additional step, ROR should provide an option to specify the path of the truststore instead of trying to use the system default. This will be similar to the keystore file path/alias/password option. Only if these are not available should ROR default to the system default truststore.
On an additional note, for folks migrating from Searchguard SSL to ROR, this feature was already available. Even Elasticsearch’s native security via X-Pack provides a similar option to set the truststore path. So it would be good to have this version available in ROR as well.
@sscarduzio looks like this feature is now available. I see a “Custom Truststore” section added in the documentation, but it is not updated in the published features in the download link. Which version will have this?
Thanks for the update. However, there seems to be an issue in the downloads page. Selecting either ROR for ES or ROR for Kibana, both send an email with the download link to ROR for ES. I tried it for different versions and all seem to have the same issue. Can you please check?