Open elasticmachine opened 6 years ago
Original comment by @deepybee:
I should caveat the title with without an /etc/hosts
hack, but let's not go there ;)
Original comment by @deepybee:
Related to LINK REDACTED
Original comment by @andrewvc:
Thanks for the report. I agree, this makes sense. We should make this part of our broader story around SSL settings unification.
Original comment by @deepybee:
When configuring monitoring of pipelines using X-Pack, a user can employ a generic self signed cert provided they use the
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
setting inlogstash.yml
.However, no corresponding
xpack.management.elasticsearch.ssl.verification_mode
flag exists to bypass SAN verification of the cert when setting up centralised pipeline management. In real world scenarios, this should not be an issue, as customers should be using proper certs signed by a bona fide CA. However in the field when we build proof of concept stacks for customers more often than not the customer's internal red tape prevents them from issuing certs in a timely fashion, and so the ability to create a single cert for the entire PoC stack and setverification_mode: certificate
to permit this saves a ton of time and hassle.Similar settings are available in X-Pack components for Kibana and Elasticsearch, so this appears to be an oversight for this one recent feature within the Logstash X-Pack component.
In terms of priority, it's kind of an edge case atm, but with the announcement coming up at ElasticON in a few weeks we may find more and more users hitting this who aren't Elastic employees in the field.