
Security and authentication for Aerospike Connect for Elasticsearch

This page describes how to create a TLS Keystore for Aerospike Connect for Elasticsearch.

Create a TLS Keystore

To use TLS, an Aerospike Connect for Elasticsearch connector requires a public/private key pair and corresponding certificate. These must be provided in a keystore file.

The connector supports the proprietary Java Keystore format (“JKS”) and the PKCS #12 format. JKS is the default for versions earlier than Java 9. PKCS #12 is the default for Java 9 and later.

For development and testing, you can generate a new key pair and certificate using the JDK’s keytool command-line utility. The following command creates a new keystore file and key/cert pair:

keytool -keystore resources/keystore -alias connector -genkeypair -storetype PKCS12 -keyalg RSA

keytool prompts for a new password for the keystore file and for some additional information about the certificate:

keytool -keystore resources/keystore -alias connector -genkeypair -storetype PKCS12 -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes

If your existing private key and certificate (chain) are separate PEM files, you can use OpenSSL to combine them into a PKCS #12 keystore:

openssl pkcs12 -inkey ./key.pem -in ./cert.pem -export -out resources/keystore

If you have a chain of certificates because your CA is an intermediary, build the PKCS #12 file as follows:

cat ./cert.pem intermediate.pem rootCA.pem > cert-chain.pem
openssl pkcs12 -inkey ./key.pem -in ./cert-chain.pem -export -out resources/keystore

This command prompts you for an export password, which becomes the keystore password of the newly created keystore file. Update the tls configuration section as described above to use the test keystore.
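The chain-building step above can be wrapped with checks that the private key belongs to the first certificate in cert-chain.pem and that the finished keystore opens with its password and holds every certificate. This is an added example, not Aerospike's own tooling: the function names build_keystore and make_test_pki, the KS_PASS environment variable, and the test subjects are assumptions made for illustration.

```shell
# Added example: build and check a PKCS #12 keystore from PEM inputs.
# Function names, KS_PASS and all certificate subjects are constructed for this example.

# build_keystore KEY CHAIN OUT
# CHAIN is cert-chain.pem (leaf first); the keystore password is read from $KS_PASS.
# Prints the number of certificates stored in OUT.
build_keystore() {
  key=$1 chain=$2 out=$3
  # 1. The private key must match the first (leaf) certificate in the chain file.
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  cpub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null | openssl sha256)
  [ "$kpub" = "$cpub" ] || { echo "key does not match leaf certificate" >&2; return 2; }
  # 2. Create the keystore readable by its owner only; the password comes from
  #    the environment instead of a prompt or the command line.
  ( umask 077
    openssl pkcs12 -export -inkey "$key" -in "$chain" -name connector \
        -passout env:KS_PASS -out "$out" ) || return 3
  # 3. Re-open the keystore to confirm the password works and count its certificates.
  openssl pkcs12 -in "$out" -passin env:KS_PASS -nokeys 2>/dev/null \
      | grep -c 'BEGIN CERTIFICATE'
}

# make_test_pki DIR
# Writes a constructed, one-day root CA, intermediate CA and leaf into DIR,
# then builds cert-chain.pem in the order used on this page.
make_test_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test Root CA" \
      -keyout "$d/rootCA.key" -out "$d/rootCA.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate CA" \
      -keyout "$d/intermediate.key" -out "$d/intermediate.csr" 2>/dev/null
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/rootCA.pem" \
      -CAkey "$d/rootCA.key" -CAcreateserial -extfile "$d/ca.ext" -days 1 \
      -out "$d/intermediate.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=connector.test" \
      -keyout "$d/key.pem" -out "$d/cert.csr" 2>/dev/null
  openssl x509 -req -in "$d/cert.csr" -CA "$d/intermediate.pem" \
      -CAkey "$d/intermediate.key" -CAcreateserial -days 1 \
      -out "$d/cert.pem" 2>/dev/null
  cat "$d/cert.pem" "$d/intermediate.pem" "$d/rootCA.pem" > "$d/cert-chain.pem"
}
```

Export KS_PASS before calling build_keystore; a count lower than the number of certificates in cert-chain.pem means part of the chain was not stored.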
