Can elasticsearch be accessed by http and htpps simultaneously?


I am working with a supposedly secure cluster that you access through https://localhost: 9200

but when I went to see the metricbeat.yml configuration file I saw a parameter that surprised me:

ssl.verification_mode: false

and when i do a curl i can only acces with de --insecure parameter .

Is my environment really secure? Shouldn't Elasticsearch ask me for a certificate?

Thanks in advanced!

No, it is not secure. The certificate presented by metricbeat is controlled by ssl.certificate, not verification_mode. Elasticsearch with xpack can be configured to require a certificate as described here.

You have a much bigger problem, because metricbeat is not validating the certificate presented by Elasticsearch. As the documentation says

This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.

so until my environment has set this: PKI user authentication | Elasticsearch Guide [7.15] | Elastic

it will not really be secure because setting the verification parameter to none let the access anyway, right?

does my ssl: true parameter only encrypt the information ?

What you tell me is possible to do it with the open version or only with the paid version?

Thanks for the help!
Securization seems complicated

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.