search

jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License
417 stars 67 forks source link

Custom certificate authority for Elasticsearch connection #222

Open biolds opened 1 year ago

biolds commented 1 year ago

Hello,

I'm trying to make Evebox connect to an Elasticsearch server using https with a certificate signed by a custom CA. I keep getting the following error:

2022-08-12 10:13:11 WARN rustls::conn: Sending fatal alert BadCertificate
2022-08-12 10:13:11 WARN evebox::server::main: Failed to get Elasticsearch version, will try again: Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("es-server")), port: Some(9200), path: "/", query: None, fragment: None }, source: hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnknownIssuer") } }) })

I was wondering if there is an option, an environment variable or any way to set a trusted CA.

Thanks

jasonish commented 1 year ago

No really yet. You can use the -k command line option to disable certificate validation.

Or if you try the latest development build, you can add your CA to your operating system's trusted CAs and EveBox should pick that up as well.

But right now there is no option to specify it within EveBox itself. I do plan to do this tho.