Webhook https , ignoring verification of certificate

Hi,
Is there any way to skip SSL validation when sending notification?

Presently I have

"actions": [
{
"id": "SLACK_notify",
"type": "webhook",
"status": "failure",
"reason": "SSLHandshakeException[java.security.cert.CertificateException: No name matching hooks.slack.com found]; nested: CertificateException[No name matching hooks.slack.com found]; "
}
]

It would be great to have similar options as curl has, means:
"If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option."

I have SSL proxy, it will be difficult to "fix" infrastructure. I don't need verification of certificate.

Best Regards
Michal

If you aren't doing validation why even bother with SSL?

Not sure if understand correctly Your question.
I'm forced to use https (the only way provided by slack)

"webhook" : {
"method" : "POST",
"scheme" : "https",
"port" : 443,
"host" : "hooks.slack.com")

Unfortunately I have some wrong SSL proxy (in the middle), which causes SSLHandshakeException on watcher side.

Using SSL and then turning off validation makes SSL useless. You might as well just run HTTP.

I don't know how to ignore the certificate but you can add your CA cert to be trusted:

  1. Add this line to /etc/default/elasticsearch
    ES_JAVA_OPTS=-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts

2.) Add your CA certificate to the keystore:
keytool -import -trustcacerts -alias XYZ -file /tmp/cert.pem -keystore /etc/pki/java/cacerts

3.) Restart

Hey,

using the watcher.http.ssl.keystore.{path,password,key_password,algorithm} settings, one can also use a dedicated keystore for the http input/webhook action, which is also used as truststore, unless you are using shield, which uses it's own.

--Alex

For posterity (and v5-6), you can disable cert verification in watcher via a setting: https://www.elastic.co/guide/en/elasticsearch/reference/current/notification-settings.html#ssl-notification-settings

xpack.http.ssl.verification_mode
Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.