OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Disable SSL Check for Elasticsearch #7209

Open anasnaguib opened 4 weeks ago

anasnaguib commented 4 weeks ago

Use case

In our deployment, Elasticsearch is running on a separate machine from OpenCTI with a self-signed SSL certificate. To secure communication, SSL/TLS is enabled on Elasticsearch. Currently, the only workaround to bypass SSL checks in OpenCTI involves disabling xpack.security.enabled in Elasticsearch, which is not desirable for production environments where security is a priority. We need a way to disable SSL certificate validation in OpenCTI's connection to Elasticsearch, allowing us to maintain SSL encryption without needing to disable security features on Elasticsearch.

Current Workaround

To bypass SSL checks currently, we have to disable xpack.security.enabled in the Elasticsearch configuration. This approach compromises the security of the Elasticsearch instance, leaving it without essential security features provided by the X-Pack plugin.

Proposed Solution

Implement a configuration option in OpenCTI to disable SSL certificate validation for Elasticsearch connections. This would allow users to maintain SSL encryption on Elasticsearch while bypassing SSL certificate validation on the client side, ensuring secure communication without needing to compromise the security settings of Elasticsearch.

Additional Information

Having an option to disable SSL checks in OpenCTI would provide a more secure and flexible solution for users running Elasticsearch on separate machines with a self-signed SSL certificate. This feature is especially beneficial in environments where managing certificates is complex or when using self-signed certificates.

If the feature request is approved, would you be willing to submit a PR?

Yes (Help can be provided if you need assistance submitting a PR)

daemitus commented 3 weeks ago

tried elasticsearch:ssl:reject_unauthorized | ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED | true | Enable TLS certificate check?
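
The two ways of handling the self-signed certificate raised in this thread, side by side, as an added docker-compose sketch (not code from the issue or from the OpenCTI project). ELASTICSEARCH__URL and ELASTICSEARCH__SSL__CA come from OpenCTI's configuration reference rather than from this page; the hostname, file names and mount paths are placeholders, and passing the CA as a file path is an assumption.

```yaml
# Added example: fragment of a docker-compose.yml for the OpenCTI platform container.
# es.example.internal and all certificate paths are placeholders.
services:
  opencti:
    environment:
      - ELASTICSEARCH__URL=https://es.example.internal:9200

      # Option A: keep TLS encryption but skip certificate validation.
      # Traffic is still encrypted, but the server is no longer authenticated,
      # so any host able to intercept the connection can pose as Elasticsearch
      # and receive the credentials OpenCTI sends.
      # - ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED=false

      # Option B: leave validation on (the default, true) and tell OpenCTI to
      # trust the self-signed certificate, or the private CA that issued it.
      # The name in ELASTICSEARCH__URL must match a subjectAltName in the
      # Elasticsearch certificate, otherwise the hostname check still fails.
      - ELASTICSEARCH__SSL__REJECT_UNAUTHORIZED=true
      - ELASTICSEARCH__SSL__CA=/opt/opencti/certs/es-ca.crt   # assumed: path form

    volumes:
      # Mount the Elasticsearch certificate (or issuing CA) read-only.
      - ./certs/es-ca.crt:/opt/opencti/certs/es-ca.crt:ro
```

Option B keeps xpack.security.enabled on in Elasticsearch and keeps server authentication on in OpenCTI, which is the combination the use case asks for.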