I am working with a supposedly secure cluster that you access through https://localhost: 9200
but when I went to see the metricbeat.yml configuration file I saw a parameter that surprised me:
and when i do a curl i can only acces with de
--insecure parameter .
Is my environment really secure? Shouldn't Elasticsearch ask me for a certificate?
Thanks in advanced!
No, it is not secure. The certificate presented by metricbeat is controlled by
verification_mode. Elasticsearch with xpack can be configured to require a certificate as described here.
You have a much bigger problem, because metricbeat is not validating the certificate presented by Elasticsearch. As the documentation says
This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.
so until my environment has set this: PKI user authentication | Elasticsearch Guide [7.15] | Elastic
it will not really be secure because setting the verification parameter to none let the access anyway, right?
ssl: true parameter only encrypt the information ?
What you tell me is possible to do it with the open version or only with the paid version?
Thanks for the help!
Securization seems complicated
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.