SearchGuard Certificate Configuration

Add the hosts entries
192.168.10.120 node1.company.com
192.168.10.xxx node2.company.com
192.168.10.xxx node3.company.com
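  • Install the TLS tool

    • Download the TLS tool
      https://repo1.maven.org/maven2/com/floragunn/search-guard-tlstool/1.5/
    • Unzip it: unzip search-guard-tlstool-1.6.zip -d tlstool-1.6
  • Configure the TLS tool for certificate generation

    • Copy <tlstool directory>/config/example.yml to <tlstool-1.6>/config/tlsconfig.yml (any file name works) and edit it
    • company is the company name
    • ca: root certificate configuration
    • node: node certificate configuration
    • clients: client certificate configuration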
###
### Self-generated certificate authority
### 
# 
# If you want to create a new certificate authority, you must specify its parameters here. 
# You can skip this section if you only want to create CSRs
#
ca:
   root:
      # The distinguished name of this CA. You must specify a distinguished name.   
      dn: CN=root.ca.company.com,OU=CA,O=company Com\, Inc.,DC=company,DC=com

      # The size of the generated key in bits
      keysize: 2048

      # The validity of the generated certificate in days from now
      validityDays: 3650
      
      # Password for private key
      #   Possible values: 
      #   - auto: automatically generated password, returned in config output; 
      #   - none: unencrypted private key; 
      #   - other values: other values are used directly as password   
      pkPassword: auto 
      
      # The name of the generated files can be changed here
      file: root-ca.pem
      
   # If you want to use an intermediate certificate as signing certificate,
   # please specify its parameters here. This is optional. If you remove this section,
   # the root certificate will be used for signing.         
   intermediate:
      # The distinguished name of this CA. You must specify a distinguished name.
      dn: CN=signing.ca.company.com,OU=CA,O=company Com\, Inc.,DC=company,DC=com
   
      # The size of the generated key in bits   
      keysize: 
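
An added example (not from the original post or the Search Guard project): a small Python check over the ca: section above that flags an empty or small keysize, pkPassword: none (unencrypted CA key), and a literal password stored in the file. The sample config is constructed, the line-based reader is a simplification rather than a full YAML parser, and the 2048-bit floor is an assumed policy value.

```python
import re

# Constructed sample shaped like the ca: section above; not a real deployment file.
SAMPLE = r"""
ca:
   root:
      dn: CN=root.ca.example.com,OU=CA,O=Example Com\, Inc.,DC=example,DC=com
      keysize: 2048
      pkPassword: none
   intermediate:
      dn: CN=signing.ca.example.com,OU=CA,O=Example Com\, Inc.,DC=example,DC=com
      keysize:
      pkPassword: changeit
"""

def parse_ca(text):
    """Read ca.root / ca.intermediate settings (indentation-based, not a full YAML parser)."""
    cas, current, in_ca = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comment lines
        m = re.match(r"(\s*)([\w.-]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if indent == 0:
            in_ca, current = (key == "ca"), None   # a new top-level section starts
        elif in_ca and key in ("root", "intermediate") and not value:
            current = cas.setdefault(key, {})      # start of one CA definition
        elif in_ca and current is not None:
            current[key] = value                   # an empty value is kept as ""
    return cas

def audit(cas, min_bits=2048):
    """Return (ca, field, issue) findings; min_bits is an assumed policy floor."""
    findings = []
    for name, cfg in cas.items():
        if not cfg.get("dn"):
            findings.append((name, "dn", "missing"))
        bits = cfg.get("keysize", "")
        if not bits.isdigit():
            findings.append((name, "keysize", "missing"))
        elif int(bits) < min_bits:
            findings.append((name, "keysize", "weak"))
        pw = cfg.get("pkPassword", "")
        if pw == "none":
            findings.append((name, "pkPassword", "unencrypted-key"))
        elif pw not in ("", "auto"):
            findings.append((name, "pkPassword", "literal-in-config"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ca(SAMPLE)):
        print(*finding)
```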