dear elastic community
Im working on integrating Tenable Security Center via elastic agent , and getting x509: certificate signed by unknown ,
can please advise what actions to check also if the certificate signed by untrusted CA or generated as selfsigned what we need to do on elastic agent side
thanks
Would ssl.verification_mode: none work for you?
Have a look at:
ssl.verification_mode(string) Controls the verification of server certificates. Valid values are:
full
Verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate.strict
Verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate. If the Subject Alternative Name is empty, it returns an error.certificate
Verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.none
Performs no verification of the server’s certificate. This mode disables many of the security benefits of SSL/TLS and should only be used after cautious consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.Default:
full
Hi @dadoonet
Thank for your replay
i want go by trust the CA on the integration how to proceed i have to add on this side ?
Not an expert, but from the same documentation I linked to, you have ssl.certificate_authorities. May be that's what you are looking for.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
