Bug? Heartbeat Browsermonitoring ignoring SSL settings?

Hello all,

I am currently setting up the new Browser Monitoring feature for synthetic checks since this is a great new feature.
I use heartbeat in docker.
I try to ping an internal site in my network. The error message is pretty clearly saying that he doesn't know the ssl:

error executing step: Error: page.goto: net::ERR_CERT_AUTHORITY_INVALID at https://user:pass@mysite.company.com

Trying now to fix this issue by either setting
ssl.verification_mode: none
or

ssl:
    certificate_authorities: ['/etc/ca.crt']
    supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

in heartbeat.yml seems like to not affect it at all. Doing it with for example the http module works fine.
Also by usign the ca cert i changed my docker-compose file to mount the ca file to /etc/ca.crt and gave it permissons to read with chmod.

Is this a bug or am I just doing something wrong?

Full heartbeat yml:

name: "myhost"

heartbeat.monitors:
- type: browser
  id: my-monitor
  name: My Monitor
  #ssl.verification_mode: none
  ssl:
    certificate_authorities: ['/etc/ca.crt']
    supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
  schedule: "@every 20s"
  source:
    inline:
      script: |-
        step("load homepage", async () => {
            await page.goto('https://user:pass@mysite.company.com');
        });

setup.ilm.enabled: auto
setup.ilm.rollover_alias: "heartbeat"
setup.ilm.pattern: "000001"

output.elasticsearch:
  hosts: ["https://elasticsearch:9200"]
  username: "beats_writer"
  password: "*******************"
  ssl.verification_mode: none

If anyone has a guess, I am looking forward to any ideas! :slight_smile:

Thanks and greetings

Simon

Hi Simon, sorry to hear you've hit a rough spot here, but thanks for the kind words! I think we could do better here and have opened [Heartbeat] `ssl.verification_mode_none` should work for browsers · Issue #27202 · elastic/beats · GitHub to tackle this.

In the meantime, we do have a workaround in our latest synthetics versions, but its only in our 7.14 docs!

The browser monitors don't use the same TLS settings since it's really chromium. The best workaround right now is documented here. Notice the ignoreHttpsErrors option.

You'll need to make sure your NPM project is running the latest version of the synthetics library as well, so check your package.json to make sure it's not locked to an older version.

1 Like

Hi Andrew,

thanks! That explains my issue perfectly. I'll use the workaround until the issue is resolved.

Greetings

Simon

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.