Hello!
I am working with a supposedly secure cluster that you access through https://localhost: 9200
but when I went to see the metricbeat.yml configuration file I saw a parameter that surprised me:
ssl.verification_mode: false
and when i do a curl i can only acces with de --insecure parameter .
Is my environment really secure? Shouldn't Elasticsearch ask me for a certificate?
Thanks in advanced!
No, it is not secure. The certificate presented by metricbeat is controlled by ssl.certificate, not verification_mode. Elasticsearch with xpack can be configured to require a certificate as described here.
You have a much bigger problem, because metricbeat is not validating the certificate presented by elasticsearch. As the documentation says
This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.
so until my environment has set this: PKI user authentication | Elasticsearch Guide [7.15] | Elastic
it will not really be secure because setting the verification parameter to none let the access anyway, right?
does my ssl: true parameter only encrypt the information ?
What you tell me is possible to do it with the open version or only with the paid version?
Thanks for the help!
Securization seems complicated
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.