logstash 's elasticsearch output has option to turn off SSL verification
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-ssl_certificate_verification
Is there a similar option for apm?
Elasticsearch is using self signed certificate, and apm is complaining when connecting to ES.
All of the Elastic APM agents, with the exception of the RUM JavaScript agent, have a verify_server_cert configuration variable. You can set this to false to disable server TLS certificate verification.
I am using docker-compose
and the following option doesn't work. I think its a bug for apm..
When I use same option in apm-server.yml it works fine.
environment:
- output.elasticsearch.protocol=https
- output.elasticsearch.username=$USERNAME
- output.elasticsearch.password=$ELASTIC_PASSWORD
- output.elasticsearch.ssl.verification_mode=none
Related
I've tried applying some of the following SO answers to an ES server:
Link 1
Link 2
However, I always get a SSL certificate authentication error.
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Is there a workaround for this?
If you are using ElasticSearch for local purpose and do not worry about security issues, you could disable security settings as it described here.
For example, for Linux you could change every configuration with "security" word from true to false in the elasticsearch configuration file: elasticsearch-8.2.0/config/elasticsearch.yml
Hope this helps!
I was able to configure Gravitee API Gateway, Management and UI successfully and I successfully created sample API's which were tested in postman. Now I need to enable SSL for all the three Gravitee services running on ports Management-UI - 8000, API-gateway - 8092 and Management - 8093. Can some one help me to configure wild card domain certificate for all of these services?
This is the only official documentation which i see about ssl configuration for gravitee:
https://docs.gravitee.io/am/2.x/am_installguide_configuration.html
Any help is much appreciated, I have certificates in PKCS12/PEM formats.
FYI, DNS mapping is configured for the server.
I eventually figured it out. The solution was to generate a keystore and truststore for my domain certificate and then add the certificate to gravitee.yml configuration file for both gateway and management-api. update the paths in management ui - constant.json file and restart the services.
Hope this helps some one.
We have a SonarQube server which is by default running on HTTP and 9000 port. We decided to use SonarQube over HTTPS configured using IIS reverse proxy and disable HTTP.
Previously in sonar-scanner.properties,sonar.host.url is configured to run as mentioned below.
sonar.host.url=http://localhost:9000 and now we want to change it to sonar.host.url=https://localhost.
On the browser https://localhost works fine. However when I configure this url in sonar-scanner.properties and try to run the sonar analysis, it says url can not be reached. Could anyone give me some suggestions to fix this issue.
Regards,
Sharieff.
Assign a valid certificate to your website. Using localhost is not the best choice; you should use and configure a valid domain name (https:/mycompany.com for example). On the machine you use to analyse you must update the Java Runtime by registering the certificate associated with this name and maybe also other (root) certificates in the certificate chain. See this blog for all the details. After executing these steps you should be able to upload the analysis to you SonarQube instance.
I configured my openldap 2.4 in Centos . And I have Mac client for it. Now i wanted to enable SSL for secured Ldap connection. I generated self certified certificate and configured my ldap.I followed following Document http://easylinuxtutorials.blogspot.in/2013/11/installing-configuring-openldap-server.html. But in this it is centos client, but my problem is how to configure Mac client. In some google search i found that just enabling SSL option in LDAPv3 of Directory server will do the job for us. But it didnt helped me. please help me in doing some missed configurations.
I solved it myself
Firstly we should edit ldap.conf file ,which is in the path /etc/openldap/ldap.conf of client.
we should add the line
TLS_REQCERT never
I am using Spring3, Hibernate4 and postgres9.2.
For enabling the SSL database connection, I followed following steps :
Creating self signed Certificate : refer : http://www.postgresql.org/docs/9.2/static/ssl-tcp.html#SSL-CERTIFICATE-CREATION
Copied the generated server.crt and server.key into postgres/9.2/data folder.
URL for hibernate connection : jdbc:postgresql://localhost:5432/DB_NAME?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
After restarting the postgres I run my application and it gives error as :
org.postgresql.util.PSQLException: The server does not support SSL.
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:307)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:105)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:140)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:21)
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:23)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
Even I tried to add this line at the end of pg_hba.conf file but postgres does not get restarted :
hostssl all all 127.0.0.1/32 trust
EDIT
It is for other folks who received such error or wants to add database ssl connection :
I added ssl = true and removed comments for ssl related entries from postgresql.conf and it worked. :)
The root of your problem appears to be that your server does not support SSL or does not have it enabled. The message:
The server does not support SSL
may only be emitted by org/postgresql/core/v3/ConnectionFactoryImpl.java in enableSSL(...) when the server refuses or doesn't understand SSL requests.
Sure enough, in your update you say that you had the SSL-related options in postgresql.conf commented out. Them being commented out is the same as them being not there at all to the server; it will ignore them. This will cause the server to say it doesn't support SSL and refuse SSL connections because it doesn't know what server certificate to send. PgJDBC will report the error above when this happens.
When you un-commented the SSL options in postgresql.conf and re-started the server it started working.
You were probably confused by the fact that:
&ssl
&ssl=true
&ssl=false
all do the same thing: they enable SSL. Yes, that's kind of crazy. It's like that for historical reasons that we're stuck with, but it's clearly documented in the JDBC driver parameter reference:
ssl
Connect using SSL. The driver must have been compiled with SSL
support. This property does not need a value associated with it. The
mere presence of it specifies a SSL connection. However, for
compatibility with future versions, the value "true" is preferred. For
more information see Chapter 4, Using SSL.
As you can see, you should still write ssl=true since this may change in future.
Reading the server configuration and client configuration sections of the manual will help you with setting up the certificates and installing the certificate in your local certificate list so you don't have to disable certificate trust checking.
For anyone else with this problem: There will be more details in your PostgreSQL error logs, but my guess is your PostgreSQL config isn't right or you're using a hand-compiled PostgreSQL and you didn't compile it with SSL support.
If you are using a self-signed certificate you need to add it to your trusted key store of your Java installation on the client side.
You find the detailed instructions to achieve this here: telling java to accept self-signed ssl certificate
In your connection string, try
?sslmode=require
instead of
?ssl=true
Use param sslmode=disable. Work for me. Postgresql 9.5 with jdbc driver SlickPostgresDriver.