elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
20k stars 8.24k forks source link

[Fleet UI] Allow users to specify TLS configuration consistently for all Agent policy settings #173782

Open ycombinator opened 11 months ago

ycombinator commented 11 months ago

Describe the feature:

When it comes to configuring settings for Agent policies in the Fleet UI, there are four sections:

Each of these allow the Agent to talk to some host(s) over the network. Therefore, each of these sections could be configured to use TLS. Unfortunately, we're not consistent today in allowing TLS configuration in each of these settings.

We should make all these sections consistent by allowing the same TLS configuration options in each.

Describe a specific use case for the feature:

Offering TLS configuration options for all sections becomes especially important in air-gapped installations where users tend to use self-signed certificates.

elasticmachine commented 11 months ago

Pinging @elastic/fleet (Team:Fleet)

cmacknz commented 11 months ago

@nimarezainia

lucabelluccini commented 10 months ago

Idk if this should be raised as a separate issue, but the new Elasticsearch Remote Output is missing an entry to specify CA Fingerprint. The workarounds might be to use in Advanced Settings in the ES Output: 1) Specify ssl.certificate_authorities https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#server-certificate-authorities

ssl:
  certificate_authorities:
  - |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

2) Specify ssl.ca_trusted_fingerprint: <THE FINGERPRINT> https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ca_trusted_fingerprint