Enabling security with the security tool
Use the security tool (ssltool.py) to enable security for the cluster management console (webgui), RESTful APIs (rest), or Elastic Stack (elk-*) in your cluster.
Enabling security involves generating TLS certificates to encrypt information, and then configuring components to use those certificates for security. The security tool provides both of these functions:
- Certificate generation
  First, the security tool generates server certificates, which start from a root certificate:
  - If you provide a root certificate, the security tool generates the server certificates signed by the provided root.
  - If you do not provide a certificate, the security tool first generates a self-signed root certificate, and then generates server certificates signed by that root.
- Security configuration
  After the tool generates the server certificates, it automatically configures security using these certificates.
The security tool uses parameters from the ssltool.conf file to configure security. It uses the defaults set in that file, or any modifications you may have made to the defaults.
Before you begin
- Python 2.7.5 or higher must be installed on your hosts.
- You must be a cluster administrator to run ssltool.py.
- To use the SSL tool, ensure that you include the JRE bin directory in your operating system PATH; for example:
  export PATH=$EGO_TOP/jre/4.0/operating_system_type/bin:$PATH
About this task
The ssltool.py tool is supported on Linux® and Linux for POWER® hosts and is located at $EGO_TOP/4.0/scripts/ssltool/. This directory also contains a README.txt file for detailed usage information.
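A preflight check for the prerequisites listed above, as an added example that is not part of the original documentation or of ssltool.py: it checks the Python version, that a JRE bin directory under $EGO_TOP/jre is on PATH, and that ssltool.py is at the documented location. The function names, the RUN_PREFLIGHT switch, and the use of the `python` command as the interpreter are assumptions.

```sh
# Preflight for ssltool.py prerequisites (added example; function names are hypothetical).

version_ge() {
    # Succeeds when dotted version $1 >= $2, comparing field by field numerically.
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

python_version() {
    # Python 2 prints its version on stderr, Python 3 on stdout; capture both.
    "${1:-python}" --version 2>&1 | sed -n 's/^Python \([0-9][0-9.]*\).*/\1/p'
}

jre_bin_on_path() (
    # $1 = EGO_TOP, $2 = PATH value; succeeds if an existing $EGO_TOP/jre/.../bin is listed.
    IFS=:
    for d in $2; do
        case $d in "$1"/jre/*/bin) if [ -d "$d" ]; then exit 0; fi ;; esac
    done
    exit 1
)

# Documented location of the tool: $EGO_TOP/4.0/scripts/ssltool/
tool_present() { [ -f "$1/4.0/scripts/ssltool/ssltool.py" ]; }

preflight() {
    rc=0
    [ -n "${EGO_TOP:-}" ] || { echo "FAIL: EGO_TOP is not set"; return 1; }
    v=$(python_version python)   # assumption: ssltool.py runs under "python"
    if [ -n "$v" ] && version_ge "$v" 2.7.5; then echo "ok: Python $v"
    else echo "FAIL: need Python 2.7.5 or higher, found '${v:-none}'"; rc=1; fi
    if jre_bin_on_path "$EGO_TOP" "$PATH"; then echo "ok: JRE bin directory on PATH"
    else echo "FAIL: no \$EGO_TOP/jre/.../bin directory on PATH"; rc=1; fi
    if tool_present "$EGO_TOP"; then echo "ok: ssltool.py found"
    else echo "FAIL: ssltool.py not found under \$EGO_TOP/4.0/scripts/ssltool/"; rc=1; fi
    return $rc
}

# Run the checks only when asked, e.g.: RUN_PREFLIGHT=1 sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then preflight; fi
```

The check does not cover the cluster administrator requirement, which depends on how accounts are set up in your cluster.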
To learn about enabling security between system daemons or components, see IBM Spectrum Symphony and Transport Layer Security (TLS).