jalogisch/gist:468c810d5a6f7066de264c8a0d24e7ed

## gistfile1.txt
Elasticsearch HTTPS:
- X-Pack (Elastic Kostenpflichtig)
- Search Guard (OSS & Pay Plan) https://github.com/floragunncom/search-guard
- NGINX Proxy ( https://www.elastic.co/blog/playing-http-tricks-nginx )

MongoDB TLS:
- https://docs.mongodb.com/manual/tutorial/configure-ssl/
- Certificate based authentication is tricky but can be done

Graylog TLS:
- http://docs.graylog.org/en/2.4/pages/configuration/https.html
- REST & WEB need to be enabled both with the certificate
- Depending on the Input TLS can be enabled with own certificate
  - some might allow client based certification


General:
- CA need to be known to all Software
- if SelfSigned it need to be know to all

Advertorial:
- https://github.com/graylog-labs/shadowCA
- https://github.com/jalogisch/bartwickelmaschine/tree/master/create_self_signed_ssl_certs
	Elasticsearch HTTPS:
	- X-Pack (Elastic Kostenpflichtig)
	- Search Guard (OSS & Pay Plan) https://github.com/floragunncom/search-guard
	- NGINX Proxy ( https://www.elastic.co/blog/playing-http-tricks-nginx )

	MongoDB TLS:
	- https://docs.mongodb.com/manual/tutorial/configure-ssl/
	- Certificate based authentication is tricky but can be done

	Graylog TLS:
	- http://docs.graylog.org/en/2.4/pages/configuration/https.html
	- REST & WEB need to be enabled both with the certificate
	- Depending on the Input TLS can be enabled with own certificate
	- some might allow client based certification


	General:
	- CA need to be known to all Software
	- if SelfSigned it need to be know to all

	Advertorial:
	- https://github.com/graylog-labs/shadowCA
	- https://github.com/jalogisch/bartwickelmaschine/tree/master/create_self_signed_ssl_certs