-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support custom cert store #170
Comments
As a temporary work around, build a custom container based on the official one. The private certificate authority (CA) file needs to be copied to |
We've documented @a03nikki 's approach here: https://github.com/elastic/synthetics/blob/master/examples/todos/Dockerfile#L20 . Ideally there'd be a way to do this in a more streamlined way, just running the It doesn't seem like there's any way to adjust the CA store just for the browser rather than for the whole system. @vigneshshanmugam @jahtalab do you know of any way to do this without requiring root? |
Since we changed to Ubuntu as a basis for the docker images, the command changed from And ubuntu needs a Converting a base64 file (often known as PEM) maybe we could add some magic to the docker image that it tries to detect what format it is and we could convert it on the fly? |
This workaround work for me on ubuntu image: Login as root to run: Exit and login as elastic-agent and run |
Linking #717 |
A recent discussion also led to one idea being to include custom CAs when pushing configurations. |
+1 Does this issue incorporate the ability for Synthetics to support certificate-based authentication, or would that be a separate issue? |
@Jaraxal for lightweight monitors that is very readily supported. For browser monitors with playwright it's a bit tricky |
Will this approach change again with the move to wofli images? |
Clusters on air-gapped networks with PKI are going to need this badly. |
Playwright is supporting this option in their version 1.46 -- https://playwright.dev/docs/next/api/class-browser#browser-new-context-option-client-certificates Which version are we running and when can we expect to make it available in Elastic Synthetics? |
@felix-lessoer |
@felix-lessoer In-memory certificates will land on a upcomingPW release, we might be able to extend Elastic Synthetics to support it then. cc @drewpost @andrewvc @vigneshshanmugam @graphaelli
@graphaelli It shouldn't, Chromium should use nss store regardless of the distro. The tools required to manually edit the storage do vary across distros. |
Keeping this as open till we have the necessary docs in place which should cover both Elastic managed locations and also private locations. |
We should support some simple way of supporting custom certs for playwright. See microsoft/playwright#1799 (comment) for more info.
The text was updated successfully, but these errors were encountered: