apm-agent-php icon indicating copy to clipboard operation
apm-agent-php copied to clipboard
verified publisher icon elastic

Allow Custom CA Certificates

Open zklodnic opened this issue 4 years ago • 1 comments

Describe the bug Users who have custom certificate authorities in the chain are not able to use TLS validation, as there is no way to add more trusted CA certificates.

The Node agent has the option serverCaCertFile, but the PHP agent does not have an equivalent option.

Disabling TLS verification is not an acceptable solution.

To Reproduce Steps to reproduce the behavior:

  1. Put the APM server behind a custom CA
  2. Try to use the PHP Elastic APM Agent
  3. Notice cert errors in the PHP logs
  4. Try to find the option for custom CA certs
  5. Fail to find such an option

Expected behavior The agent should be usable with custom CAs in the chain without circumventing security.

zklodnic avatar Jun 11 '21 19:06 zklodnic

I've submitted a fix for this in https://github.com/elastic/apm-agent-php/pull/423

wouterj avatar Jun 24 '21 13:06 wouterj