-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support self-signed certificate on outputs #29229
Conversation
This pull request does not have a backport label. Could you fix it @belimawr? 🙏
NOTE: |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
4a0a2e7
to
5ec967d
Compare
81511e3
to
952b6bb
Compare
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
Please add the new option to the documentation, too: https://github.com/elastic/beats/tree/master/libbeat/docs/shared-ssl-config.asciidoc |
f5c162e
to
d00e738
Compare
This pull request is now in conflicts. Could you fix it? 🙏
|
1caa93f
to
140ff3b
Compare
Add a new verification mode to accept ES's self signed certificate.
Verify the fingerprint of the root CA and use it as a trusted CA to do the normal TLS verification.
When `ssl.es_ca_fingerprint` is set, look for the certificate matching the fingerprint, validate it's a CA and then add to the list of trusted CAs. Also pin it.
140ff3b
to
3f62b2f
Compare
rebased onto master, force push. |
0e33ada
to
ddc700a
Compare
Adds ssl.ca_trusted_fingerprint option, if set to the HEX fingerprint of a root CA certificate, this certificate is added to the trusted CAs (as if it was defined on ssl.certificate_authorities), then the SSL validation continues as normal. This happens during the SSL handshake. (cherry picked from commit 191a075)
…9301) * Support self-signed certificate on outputs (#29229) Adds ssl.ca_trusted_fingerprint option, if set to the HEX fingerprint of a root CA certificate, this certificate is added to the trusted CAs (as if it was defined on ssl.certificate_authorities), then the SSL validation continues as normal. This happens during the SSL handshake. (cherry picked from commit 191a075) Co-authored-by: Tiago Queiroz <[email protected]>
What does this PR do?
Adds
ssl.ca_trusted_fingerprint
option, if set to a HEX fingerprint of a root CA certificate, this certificate is added tothe trusted CAs (as if it was defined on
ssl.certificate_authorities
), then the SSL validation continues as normal.This happens during the SSL handshake.
Why is it important?
Checklist
- [ ] I have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Author's Checklist
How to test this PR locally
Related issues