Add certificate authentication to Elasticsearch
Context
Elasticsearch now provides, with the Search Guard plugin or the X-Pack security feature, the ability to authenticate with a certificate.
Graylog should be able to authenticate not only with username/password but also with certificates, to make the Elasticsearch connection more secure.
Your Environment
- Graylog Version: 3.1
- Elasticsearch Version: 6.8
Two links that can help with building a development environment to test this:
- Run Elasticsearch in Docker with SSL: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/configuring-tls-docker.html
- Configure client certificate auth: https://www.elastic.co/es/blog/elasticsearch-security-configure-tls-ssl-pki-authentication
How are client certificates going to be configured?
- In conf file on all servers specifying the filesystem path to the certificate, and the optional passphrase to decrypt the file
- In Cluster config, using the UI?
What kind of certificate files are going to be supported? PKCS12, PEM, both?
Any updates on this feature? I can't find any configurations of Graylog and Elasticsearch authentication with certificates, so I assume it is not implemented yet.
Anything planned yet to implement this? Also, for the connection to MongoDB this should also be nice. Any updates on this will be appreciated very much.
@johan-open-future for MongoDB this is already working once you have added the certificates to the trust/keystores and added the subject name of the client certificate as the username to the MongoDB URI.
I've found no way to get client certificate authentication to work with OpenSearch though.
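The MongoDB setup described in the comment above puts the client certificate's subject into the connection string as the username. The sketch below is an added example, not code from Graylog or from any commenter. It builds such a URI and percent-encodes the subject so that its `=`, `,` and spaces survive URI parsing. The subject, host names and database name are constructed. It also assumes that the standard MongoDB connection-string options `authMechanism`, `authSource` and `tls` are passed through to the driver unchanged.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample values, not taken from the thread.
SUBJECT = "CN=graylog-server,OU=Logging,O=Example Corp,C=US"  # RFC 2253 form
HOSTS = ["mongo1.example.org:27017", "mongo2.example.org:27017"]


def mongodb_x509_uri(subject_dn, hosts, database="graylog"):
    """Build a MongoDB URI that authenticates as the certificate subject.

    subject_dn must be the RFC 2253 string of the client certificate's
    subject, for example the output of
    `openssl x509 -in client.pem -noout -subject -nameopt RFC2253`
    without the leading "subject=".
    """
    if not subject_dn or "=" not in subject_dn:
        raise ValueError("expected an RFC 2253 subject such as 'CN=...,O=...'")
    if not hosts:
        raise ValueError("at least one host is required")
    # '=', ',', ' ' and '/' are not allowed unencoded in the userinfo part,
    # so encode everything except unreserved characters.
    user = quote(subject_dn, safe="")
    # x.509 users live in the $external database; '$' is encoded as %24.
    # Older drivers spell the last option ssl=true instead of tls=true.
    options = "authMechanism=MONGODB-X509&authSource=%24external&tls=true"
    return f"mongodb://{user}@{','.join(hosts)}/{database}?{options}"


def username_from_uri(uri):
    """Decode the username from the URI, to compare against the subject."""
    return unquote(urlsplit(uri).username or "")


if __name__ == "__main__":
    uri = mongodb_x509_uri(SUBJECT, HOSTS)
    print("mongodb_uri =", uri)
    # A mismatch here means the server will not find the matching user.
    print("round trip ok:", username_from_uri(uri) == SUBJECT)
```

The client key and the CA that signed the MongoDB server certificate still have to be present in the JVM keystore and truststore, as the comment says; the URI only selects which identity the server maps the certificate to.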
We are looking into this as well. Having certificate-based authentication would be greatly appreciated. OpenSearch nicely supports admin certificates already. Any thoughts on this?