ROR SSL: SSL is disabled

cyberjeff · June 12, 2018, 5:00pm

Hi there,
I’m new to readonlyRest and I have problem to enable SSL.

here is my conf:

elasticsearch.yml:

http.type: ssl_netty4

readonlyrest.yml:

readonlyrest:
  enable: true
  prompt_for_basic_auth: false

  ssl:
  enable: true
  keystore_file: "keystore.jks"
  keystore_pass: readonlyrest
  key_pass: readonlyrest

access_control_rules:

  - name: Accept all requests from localhost
    hosts: [127.0.0.1]

I’ve generated the keystore / keys like this:
keytool -keypasswd readonlyrest -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass readonlyrest -validity 3650 -keysize 2048

I tried with version: 1.16.19 and 1.16.20_pre8
elasticsearch: 6.2.4

keytool -list -keystore keystore.jks:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

selfsigned, Jun 12, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): B3:9D:26:72:1C:0B:BA:52:DF:7A:BF:D1:EC:E6:1A:ED:11:BB:60:C0

I tried many things and every try result with the same message:

[2018-06-12T18:42:23,349][INFO ][t.b.r.e.SSLTransportNetty4] ROR SSL: SSL is disabled
[2018-06-12T18:42:23,412][INFO ][t.b.r.e.SSLTransportNetty4] [node-1] publish_address {157.168.95.17:9200}, bound_addresses {157.168.95.17:9200}

Can someone please help?

Thanks,
Jeff.

cyberjeff · June 13, 2018, 8:30am

I’ve started again from scratch and for some reasons, it is working now…
I suspect a formatting problem in yml file…

sscarduzio · June 13, 2018, 9:22am

Hello @cyberjeff,

The mistake was the indentation of the SSL block (the stuff below “ssl:” should have been indented). Well done on solving this