Hi All,
I need to be able to connect some software to my elasticsearch cluster that can’t support self-signed certificates. Can ElasticSearch be configured to listen on two ports, one requiring SSL/TLS (9200) and the other not requiring SSL/TLS (9280)?
The software in question is in development and is not yet capable of handling self-signed certificates.
Thanks very much.
Darren
@DGEllis It is possible to configure what you are looking for if you are running a cluster with more than a single node. You just need to specify the port (http.port: 9280) and disable SSL on http side (opendistro_security.ssl.http.enabled: false). If you do so, you would be able to talk to 2 different nodes using https://:9200 and http://:9280. Although the port number would not be needed in this case, as simply changing the ssl setting on that node (make sure you restart node after changing elasticsearch.yml file) would enable you to call the cluster using 2 separate nodes. The transport layer would still be used under the hood, therefore the cluster would be formed successfully. Hope this helps.