Is there any way to disable SSL certificate validation for emails sent through Watcher?
I'm having trouble integrating with an SMTP server even after adding the certificate and CA certificate to the truststore.
At least for a test, if I can do something like setting
mail.smtp.ssl.trust=mysmtpserver.com
I can confirm connectivity. Is there any way to pass this property or anything along those lines?
Unfortunately this is not currently possible via Elasticsearch's configuration. We're tracking progress for this feature request in this issue
For the time being, the only workaround is to add the CA certificate that has signed your SMTP server's certificate to the trusted CAs of the JVM that Elasticsearch runs in.
thanks. yes, I tried it but it didn't work; I got the following exception:
[2018-10-02T15:27:19,905][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [
ode_name][] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [mail.smtp.ssl.trust] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.4.0.jar:6.4.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.4.0.jar:6.4.0]
Caused by: java.lang.IllegalArgumentException: unknown setting [mail.smtp.ssl.trust] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:393) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:339) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:311) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:282) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:135) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.node.Node.<init>(Node.java:343) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.node.Node.<init>(Node.java:256) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.4.0.jar:6.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.4.0.jar:6.4.0]
however I'm still testing as on another environment the same setup (I'm using the same docker image) doesn't seem to complain about such an invalid config (trouble is on this other environment I don't have access to the smtp server causing me trouble).
Is there any setting to disable elasticsearch configuration validation so I can test on the environment with access to the smtp server using the invalid certificate?
can you think of any reason why apparently the same setup would throw such exception on one environment and not the other?
No, again, not really. I'd check if the config keys are the same and if the extra config key is indeed added to the configuration file. Are both environments using the same Elasticsearch version?
thanks Ioannis, I have a bit more information now.
The difference between the working/failing environment was not the elasticsearch.yml file but an environment property.
As soon as I have an environment property with name "mail.smtp.ssl.trust", elastic won't start.
At least now I have elastic up and running again. Sorry for the confusion before.
Regarding the config option reintroduced, can you please clarify where should this be setup?
At the email account level in elasticsearch.yml?
Would this be the correct way? I'm using environment properties for all values.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.