We're trying to learn how to setup TLS on elastic. We have a 1 node stack with version 6.6.1, working on getting logstash setup. All output is in pipelines. Getting this error at startup:
[WARN ][logstash.outputs.elasticsearch] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
That seems to be the default and I don't have ssl_certificate_verification anywhere in the config (verified by grep -ri) . I think it may be from something in the xpack.monitoring config, but I have nothing there for verification either.
Hmm, now that I look at it, I think that you only need to add the ssl_certificate_verification => true to your output. But you would have to be using a verified cert.
Well, I had read the doc :-).... if you are using an "httpS" url, then ssl => becomes true based on the url and ssl_certificate_validation defaults to true, so I left them out.
Adding these to all my pipelines didn't eliminate the error.
You can try setting the ssl_certificate_verification => false
If you read the last message on this git issue it says that the traffic should still be going through:
I don't have SSL setup in my test environment right now, so I am not able to test this, but I do have it running in prod.
I honestly hadn't expected any traffic yet since I hadn't updated the beats for tls, but yes, there is traffic getting thru from winlogbeat test systems and monitoring data, so it's just a nag warning message and it appears to only happen at startup. If the pipelines are unhealthy, they can produce continuous messages.
At this point, I'm OK for my dev environment, when we get our contracts in place, I can open a support case
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.