Hi,
I am using security module to encrypt transport between es-nodes and to rest api.
In logstash I get the following warning:
[2019-09-09T13:56:45,737][WARN ][logstash.outputs.elasticsearch] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
My pipeline output looks like this:
output
{
elasticsearch
{
hosts => ["${ES_HOST}:${ES_PORT}"]
ssl => "${USE_ES_SSL}"
cacert => "${ES_CA_CERT_PATH}"
ssl_certificate_verification => true
# credentials are fetched from envrionment or logstash-keystore
user => "${LOGSTASH_USER}"
password => "${LOGSTASH_PASSWORD}"
index => "%{[@metadata][indexName]}"
}
}
xpack monitoring is also enabled.
In for ES transport layer I am checking only certificate, but disabled hostname certification.
So any idea, how I can get rid of this warning? I want to validate hostname on rest api entrypoint.
Thanks, Andreas