Where to place ssl_certificate_verification?

Hi,

I am using security module to encrypt transport between es-nodes and to rest api.

In logstash I get the following warning:

[2019-09-09T13:56:45,737][WARN ][logstash.outputs.elasticsearch] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true

My pipeline output looks like this:

output
{
	elasticsearch
	{
		hosts 												=> ["${ES_HOST}:${ES_PORT}"]
		ssl 													=> "${USE_ES_SSL}"
		cacert												=> "${ES_CA_CERT_PATH}"
		ssl_certificate_verification 	=> true

		# credentials are fetched from envrionment or logstash-keystore

		user			=> "${LOGSTASH_USER}"
		password	=> "${LOGSTASH_PASSWORD}"

		index			=> "%{[@metadata][indexName]}"
	}
}

xpack monitoring is also enabled.

In for ES transport layer I am checking only certificate, but disabled hostname certification.

So any idea, how I can get rid of this warning? I want to validate hostname on rest api entrypoint.

Thanks, Andreas

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.