Heartbeat: Ignore SSL errors

dosera · March 21, 2017, 5:19pm

Input

heartbeat.monitors
  - type: 'http'
    schedule: '@every60s'
    urls:
      - https://someurl.com:443/path/
    timeout: 20
    status: 200

Now, when the certifcate cannot be validated, I get an error:

Output

error.type: io
error.message: Get https://someurl.com:443/path/: x509 cannot validate certificate for 123.456.78.9 because it doesnt contain any IP SANs

As a consequence, up is false, even though the server is up.

Suggestion

Introduce some flag, maybe ssl_ignore that ignores all these certificate errors.

andrewkroh · March 21, 2017, 6:35pm

Try adding ssl.verification_mode: none to the monitor configuration. It should support the same options as listed in the ssl docs.

andrewkroh · March 21, 2017, 6:37pm

There's also an open enhancement request to allow monitoring the server's certificate chain.

dosera · March 22, 2017, 8:18am

For some reason i didnt notice this in the docs.
The chain enhancement is also very nice.
Thanks!

system · April 19, 2017, 8:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Heartbeat Won't Ignore SSL Verification Beats heartbeat	3	2486	November 22, 2019
"Panic" when ignoring SSL Errors with Heartbeat Beats heartbeat	2	495	February 21, 2019
Monitor HTTPS(SSL) url's Beats heartbeat	4	2034	May 18, 2017
Heartbeat Config advice Beats heartbeat	6	1552	December 15, 2018
HTTP monitor and TLS connection in Heartbeat 7.17.0 Beats heartbeat	6	1472	April 22, 2022

Heartbeat: Ignore SSL errors

Related topics