Hello!
I am working with a supposedly secure cluster that you access through https://localhost: 9200
but when I went to see the metricbeat.yml configuration file I saw a parameter that surprised me:
ssl.verification_mode: false
and when i do a curl i can only acces with de --insecure parameter .
Is my environment really secure? Shouldn't Elasticsearch ask me for a certificate?
Thanks in advanced!
No, it is not secure. The certificate presented by metricbeat is controlled by ssl.certificate, not verification_mode. Elasticsearch with xpack can be configured to require a certificate as described here.
You have a much bigger problem, because metricbeat is not validating the certificate presented by elasticsearch. As the documentation says
This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.
so until my environment has set this: PKI user authentication | Elasticsearch Guide [7.15] | Elastic
it will not really be secure because setting the verification parameter to none let the access anyway, right?
does my ssl: true parameter only encrypt the information ?
What you tell me is possible to do it with the open version or only with the paid version?
Thanks for the help!
Securization seems complicated
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.