User_bundle from internal Artifactory problem

Hi!

I'm trying to add a custom cacerts.zip User_Bundle to my ELK deployment in our ECE.
Elasticsearch is bootlooping and the reason is an untrusted certificate.

    "elasticsearch": {
      "user_bundles": [
       {
        "elasticsearch_version": "7.*",
        "name": "ldap-cert",
        "url": "https://<artifactory_address>/cacerts.zip"
      }
    ],
    "version": "7.10.2"
   },

My problem is - the certificate of artificatory is signed by my company's CA, I can't do much about that.
I'm able to download this bundle on the VM ECE is installed on but I can't from inside of Elasticsearch containers.

Is there any way to ignore cert verification like wget does?

wget --no-check-certificate

Unfortunately this is a known issue

The workarounds until we fix it (there are plans, but no ETA) are:

  • Run an nginx container on each allocator that will proxy to the artifactory
  • (not supported (*)) unzip the stackpack, add --no-check-certificate to the wget in elasticsearch.sh, rezip, and re-upload

Apologies - we appreciate neither workaround is great

(*) in the sense that issues with a custom stackpack might come down to "does it fail in the same way with the supported stackpack"

1 Like

I am not sure about it sir, and Once I will check it, then let you know.

Latest Breakfast hours

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.