Heartbeat Won't Ignore SSL Verification

Hello all. Long time lurker, first time poster.

Using Elastic Stack 7.4.

I have spent the better part of the past 2 weeks setting up Heartbeats to monitor all of my internal systems and services. It was a ton of work but I finally got it working - almost.

I have 3 systems that insist on using https to connect, but I have not installed CA-signed certificates for those systems. When Heartbeat tries to connect to those systems I get the following error messages in the index document:

error.message Get https://xxx.mydomain.com: x509: certificate is valid for localhost.mydomain.com, not xxx.mydomain.com

or

error.message Get https://yyy.mydomain.com: x509: certificate is not valid for any names, but wanted to match yyy.mydomain.com

Different systems give different error messages, but they all seem to point to the fact that I don't have a formally signed cert on these systems. Not surprising (I know, that's how it works), but I don't want to go through the effort of installing (& maintaining) certs for a handful of internal systems. So I tried to get around this by disabling ssl verification in my YAML file:

    - type: http
      name: http_xxx
      enabled: true
      schedule: '@every 5s'
      urls: ["https://xxx.mydomain.com"]
      ipv4: true
      ipv6: false
      mode: any
      timeout: 16s
      ssl: 
        ssl.enabled: true
        ssl.verification_mode: none

I've tried multiple variations of SSL options but none of them seem to work. I still get the connection error messages in Heartbeat and those systems continually show as "down."

I'm hoping someone here can show me what I am doing wrong, or a workaround to enable Heartbeat to connect to these systems.

Thanks in advance.

Apologies for the delay here. The issue here is that you should use

ssl:
  verification_mode: none

I think the confusion comes from the fact that you can skip the object nesting and also write:

ssl.verification_mode:none

In your config snippet you have ssl repeated in the nested object.

Let us know if there's anything else we can do to help.

DOH! :man_facepalming:

That worked perfectly. Thanks, @Andrew_Cholakian1!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.