CRL or OCSP in Elastic Stack

Rysiu · July 1, 2021, 1:12pm

Hi,

I have a question that relates to the October 2019 thread:

The topic was also brought up:

github.com/elastic/logstash

Add support for TLS/SSL certificate revocations

opened 01:05AM - 13 Feb 20 UTC

VimCommando

enhancement security

As it stands today Logstash does not check if a certificate has been revoked. Th…is means if a certificate has been compromised, the entire trust chain may need to be replaced. To simplify the security response, honoring a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) will be an enormous help. JRuby's SSL libraries already supports this: https://github.com/jruby/jruby-openssl/pull/124

When configuring SSL/TLS in Elasticsearch, is it possible to somehow add support for CRL or OCSP so that the system automatically performs PKI certificate revocation detection?

Is there currently no support for CRL or OCSP?
Is there support for CRL or OCSP in some paid subscription version?

Rysiu · July 6, 2021, 6:40am

Any idea?

system · August 3, 2021, 6:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.