TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://thehive-project.org
GNU Affero General Public License v3.0

SSL Connection to Elasticsearch got error #442

Open kalpinus opened 1 year ago

kalpinus commented 1 year ago

SSL Connection to Elasticsearch with xpack SSL enabled got error

Request Type

Feature Request

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 20.04.5 LTS 64bit |
| OS version (client) | Windows 10 |
| Cortex version / git hash | 3.1.7-1 |
| Package Type | Binary (via apt install from cortex repository) |
| Browser type & version | Mozilla Firefox 110.0 |

Problem Description

I expected Cortex to communicate with Elasticsearch and create the index on first start. However, I got the following warning:

2023-03-04 02:53:50,468 [WARN] from org.elastic4play.database.SearchWithScroll in application-akka.actor.default-dispatcher-6 - Search error
com.sksamuel.elastic4s.http.JavaClientExceptionWrapper: javax.net.ssl.SSLPeerUnverifiedException: Host name 'x.x.x.x' does not match the certificate subject provided by the peer (CN=elasticsearch)
    at com.sksamuel.elastic4s.http.JavaClient$$anon$1.onFailure(JavaClient.scala:70)
    at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onDefinitiveFailure(RestClient.java:668)
    at org.elasticsearch.client.RestClient$1.failed(RestClient.java:417)
    at org.apache.http.concurrent.BasicFuture.failed(BasicFuture.java:137)
    at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.executionFailed(DefaultClientExchangeHandlerImpl.java:101)
    at org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:426)
    at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:163)
    at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:76)
    at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:39)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:156)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.writable(BaseIOReactor.java:187)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:341)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'x.x.x.x' does not match the certificate subject provided by the peer (CN=elasticsearch)
    at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy.verifySession(SSLIOSessionStrategy.java:209)
    at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy$1.verify(SSLIOSessionStrategy.java:188)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:360)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.outboundTransport(SSLIOSession.java:564)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.outputReady(AbstractIODispatch.java:154)
    ... 7 common frames omitted
2023-03-04 02:53:50,557 [INFO] from play.api.Play in main - Application started (Prod) (no global state)
2023-03-04 02:53:51,529 [INFO] from play.core.server.AkkaHttpServer in main - Enabling HTTP/2 on Akka HTTP server...
2023-03-04 02:53:51,531 [INFO] from play.core.server.AkkaHttpServer in main - Listening for HTTP on /0:0:0:0:0:0:0:0:9001

and the indexes are not created in Elasticsearch.

Steps to Reproduce

  1. Install Cortex using apt from the cortex repository
  2. Configure Cortex with the following configuration
  3. Import the crt file from Elasticsearch and convert it to JKS format: keytool -import -alias ca -file elasticsearch.crt -keystore elasticsearch.jks
  4. Put elasticsearch.jks in /etc/cortex/certs/elasticsearch.jks (I created the directory certs inside the cortex directory)
  5. Configure Cortex (/etc/cortex/application) with the following lines:

      ....(snip)
      search {
        index = cortex
        uri = "https://x.x.x.x:9200"
        user = ""
        password = ""
        ssl.enabled = "true"

        keyStore {
          path = "/etc/cortex/certs/elasticsearch.jks"
          type = "JKS" # or PKCS12
          password = "xxx"
        }
        trustStore {
          path = "/etc/cortex/certs/elasticsearch.jks"
          type = "JKS" # or PKCS12
          password = "xxx"
        }
      }
      ....(snip)

  6. Start Cortex: systemctl start cortex
  7. Check the log: tail -f /var/log/cortex/application.log and got the warning above.

Possible Solutions

Can you please add a feature to disable hostname verification and allow self-signed certificates, like what is already done with TheHive? (I run TheHive with ES SSL and it is running well.)

Complementary information

srt180 commented 1 year ago

same here
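
The warning in this issue appears because the client connects to an IP address while the certificate only names CN=elasticsearch. The following added example (not from the issue or the Cortex project; 192.0.2.10 is a constructed stand-in for the masked x.x.x.x address and the file names are hypothetical) uses openssl to show that a CN-only certificate fails the IP check, while one carrying a subjectAltName IP entry passes with hostname verification left on.

```shell
#!/bin/sh
# Added example. 192.0.2.10 is a constructed stand-in for the masked x.x.x.x.
ES_IP="192.0.2.10"
ES_NAME="elasticsearch"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert OUT [SAN]: throwaway self-signed cert with CN=$ES_NAME and,
# when SAN is given, a subjectAltName extension holding that list.
make_cert() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ES_NAME" \
            -addext "subjectAltName=$2" -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ES_NAME" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# Exit status 0 only when the certificate is valid for the given IP / DNS name.
# openssl prints "does match" or "does NOT match", so grep decides the result.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Print which ways of addressing the node a certificate accepts.
report() {
    echo "$1"
    if cert_matches_ip "$1" "$ES_IP"; then echo "  $ES_IP: match"
    else echo "  $ES_IP: NO match"; fi
    if cert_matches_host "$1" "$ES_NAME"; then echo "  $ES_NAME: match"
    else echo "  $ES_NAME: NO match"; fi
}

# Certificate shaped like the one in the issue: subject CN only, no SAN.
make_cert "$WORK/cn-only.crt"
# Reissued certificate that also names the IP the client connects to.
make_cert "$WORK/with-san.crt" "IP:$ES_IP,DNS:$ES_NAME"

report "$WORK/cn-only.crt"
report "$WORK/with-san.crt"
```

The same `-checkip` and `-checkhost` commands can be run against the real elasticsearch.crt from step 3 to see which address form it accepts before importing it with keytool.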