elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash

Centralised pipeline management is not possible with a generic self signed cert due to SAN enforcement #9463

Open elasticmachine opened 6 years ago

elasticmachine commented 6 years ago

Original comment by @deepybee:

When configuring monitoring of pipelines using X-Pack, a user can employ a generic self signed cert provided they use the xpack.monitoring.elasticsearch.ssl.verification_mode: certificate setting in logstash.yml.

However, no corresponding xpack.management.elasticsearch.ssl.verification_mode flag exists to bypass SAN verification of the cert when setting up centralised pipeline management. In real-world scenarios, this should not be an issue, as customers should be using proper certs signed by a bona fide CA. However, in the field, when we build proof-of-concept stacks for customers, more often than not the customer's internal red tape prevents them from issuing certs in a timely fashion, and so the ability to create a single cert for the entire PoC stack and set verification_mode: certificate to permit this saves a ton of time and hassle.

Similar settings are available in X-Pack components for Kibana and Elasticsearch, so this appears to be an oversight for this one recent feature within the Logstash X-Pack component.

In terms of priority, it's kind of an edge case atm, but with the announcement coming up at ElasticON in a few weeks we may find more and more users hitting this who aren't Elastic employees in the field.
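Added example, not part of the issue or of Logstash's code: a Python model of what each verification mode checks, showing why one shared PoC cert passes under `certificate` but is rejected under `full` for every node missing from its SAN list. The hostnames, SAN values and function names are constructed, `full` and `none` are the other documented values of this setting, and the mapping to Python's `ssl` settings is an assumption for comparison.

```python
import ssl

# Constructed sample data: one self-signed PoC cert shared by every node.
POC_CERT_SANS = ["poc.example.internal"]
NODES = ["es01.example.internal", "kibana.example.internal", "poc.example.internal"]

def san_matches(hostname, dns_sans):
    """Hostname check that 'full' adds: exact match, or '*.' covering exactly one label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in dns_sans):
        if san == host:
            return True
        first, _, rest = host.partition(".")
        if san.startswith("*.") and first and rest == san[2:]:
            return True
    return False

def accepts(mode, chain_trusted, hostname, dns_sans):
    """Decision each verification_mode makes for one connection."""
    if mode not in ("full", "certificate", "none"):
        raise ValueError(f"unknown verification_mode: {mode}")
    if mode == "none":
        return True                      # nothing is checked
    if not chain_trusted:
        return False                     # both remaining modes need a trusted signer
    return mode == "certificate" or san_matches(hostname, dns_sans)

def context_for(mode):
    """Closest Python ssl settings for each mode (assumed mapping, for comparison)."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname, i.e. 'full'
    if mode in ("certificate", "none"):
        ctx.check_hostname = False       # skip the SAN/hostname comparison
    if mode == "none":
        ctx.verify_mode = ssl.CERT_NONE  # also skip chain validation
    return ctx

def report(sans=POC_CERT_SANS):
    """Nodes whose connections are accepted per mode, assuming the signer is trusted."""
    return {m: [n for n in NODES if accepts(m, True, n, sans)]
            for m in ("full", "certificate")}

if __name__ == "__main__":
    print(report())                        # shared cert with a single SAN
    print(report(["*.example.internal"]))  # cert reissued to cover every node
```

Reissuing the PoC cert with SANs that cover every node lets `full` succeed without relaxing verification; `certificate` still requires the signer to be trusted.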

elasticmachine commented 6 years ago

Original comment by @deepybee:

I should caveat the title with "without an /etc/hosts hack", but let's not go there ;)

elasticmachine commented 6 years ago

Original comment by @deepybee:

Related to LINK REDACTED

elasticmachine commented 6 years ago

Original comment by @andrewvc:

Thanks for the report. I agree, this makes sense. We should make this part of our broader story around SSL settings unification.