Open ycombinator opened 11 months ago
Pinging @elastic/fleet (Team:Fleet)
@nimarezainia
Idk if this should be raised as a separate issue, but the new Elasticsearch Remote Output is missing an entry to specify CA Fingerprint. The workarounds might be to use in Advanced Settings in the ES Output: 1) Specify ssl.certificate_authorities https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#server-certificate-authorities
ssl:
certificate_authorities:
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
2) Specify ssl.ca_trusted_fingerprint: <THE FINGERPRINT>
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ca_trusted_fingerprint
Describe the feature:
When it comes to configuring settings for Agent policies in the Fleet UI, there are four sections:
Each of these allow the Agent to talk to some host(s) over the network. Therefore, each of these sections could be configured to use TLS. Unfortunately, we're not consistent today in allowing TLS configuration in each of these settings.
We should make all these sections consistent by allowing the same TLS configuration options in each.
Describe a specific use case for the feature:
Offering TLS configuration options for all sections becomes especially important in air-gapped installations where users tend to use self-signed certificates.