Hi,

Anyone have done secure APIGW IDS using readonly ? Following are the detail but it’s failing to login with APIGW’s IS credential.

Elasticsearch 8.2.3 and readonlyrest-1.58.0_es8.2.3

Internal Elastic Search Content:
cluster.name: SAG_EventDataStore
node.name: SAG-NODE134564
path.logs: E:\SoftwareAPIGW\InternalDataStore/logs
network.host: 0.0.0.0
http.port: 9240
discovery.seed_hosts: [“SAG-NODE134564:9340”]
transport.port: 9340
path.repo: [‘E:\SoftwareAPIGW\InternalDataStore/archives’]
cluster.initial_master_nodes: [“SAG58623”]
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
action.destructive_requires_name: false
http.type: ssl_netty4

Readonly Rest File Content:

readonlyrest:
access_control_rules:

- name: "Require HTTP Basic Auth"
type: allow
auth_key: Administrator:APIGW_Login_Console_Password_And_Not_manage.

ssl:
enable: true
keystore_file: "keystore.jks"
keystore_pass: password
key_pass: password
client_authentication: false
truststore_file: "truststore.jks"
truststore_pass: password

In IS log
it’s appearing as below message and not allowing to login.
[ISS.0012.9999I] (tid=313) Password stored as weak hash. Consider updating password to migrate to a stronger hash

IDS Log
SSLNetty4HttpServerTransport] [SAG-NODE134564] io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 5784554202f20485454 connecting from: /IP Address:51180