Version: 7.x-51.0.0

Using the Search Guard demo installer

The demo installation script that ships with Search Guard comes with certificates that you can use to run a PoC or to test-drive our features.

Since the demo certificates are the same for each Search Guard installation, do not use them in production.

To execute the demo installation:

  • cd into <Elasticsearch directory>/plugins/search-guard-7/tools
  • Execute ./ the script first if necessary.)

The demo installer will ask if you would like to install the demo certificates, if the Search Guard configuaration should be automatically initialized and if cluster mode should be enabled. Answer as follows:

Search Guard 7 Demo Installer
 ** Warning: Do not use on production or publicly reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Enable cluster mode? [y/N] n

Generated certificates

The demo installer will place the following files in the config directory of your Elasticsearch installation:

  • root-ca.pem the root CA used for signing all other certificates
  • esnode.pem the node certificate used on the transport- and REST-layer
  • esnode-key.pem the private key for the node certificate
  • kirk.pem the admin certificate, allows full access to the cluster and can be used with sgadmin and the REST management API
  • kirk-key.pem the private key for the admin certificate

Allow demo certificate usage

Since the demo certificates are unsafe to use on a production cluster, you must explicitely allow their usage by adding the following line to elasticsearch.yml:

searchguard.allow_unsafe_democertificates: true

The demo installation script adds this line automatically.

Not what you were looking for? Try the search.