Heartbeat Query - Problem with Websites Security Certificate


(Scott Duncan) #1

Hello,

I've configured heartbeat to connect to a https wsdl endpoint, however there is a problem with the website security certificate, causing failures.

As a test, I have put ssl.verification_mode: none into the monitor section in heartbeat.yml and still have the same error.

Normally, I'd pursue the path of fixing the certificate, however I won't get enough buy in to fix it.

Thanks in advance.


(Andrew Kroh) #2

Please share the configuration you are using (use three backticks before and after to get proper formatting).


(Scott Duncan) #3

Hi Andrew, thanks for your reply:

Please see below my heartbeat.yml.

The 8002/Cardholder/?wsdl is the one in question that fails.

################### Heartbeat Configuration Example #########################

# This file is an example configuration file highlighting only some common options.
# The heartbeat.full.yml file in the same directory contains all the supported options
# with detailed comments. You can use it for reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/heartbeat/index.html

############################# Heartbeat ######################################

# Configure monitors
heartbeat.monitors:
- type: http

  # List or urls to query
  urls:
       -  "http://****:6005"
       -  "http://test-apex-workspace.***"
       -  "http://****:29080/cad-soap/21616/***.wsdl"
       -  "https://***:8082/Cardholder/?wsdl"
       -  "https://***/pack/***/soap?wsdl"

  # Configure task schedule
  schedule: '@every 60s'

  ssl.verification_mode: none
  # Total test connection and data exchange timeout
#================================ General =====================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their own field with each
# transaction published.
tags: ["web-apps"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

#================================ Outputs =====================================

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["***:9200"]
  index: "heartbeat-%{+yyyy.MM.dd}"
  # Optional protocol and basic auth credentials.

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]```

(Steffen Siering) #4

Might be a bug in beats TLS verification not being correctly disabled. Can you report this on github please?

As workaround, you can configure the certificate authorities to be used by the TLS client.


(Scott Duncan) #5

Hi Steffen,

Think it was something on my end. Working ok now.

Cheers!


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.