XPACK Authentication and SSL connection fails [incorrect options]
XPACK + SSL Authentication not working
Request Type
Bug
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Docker (on OSX) |
| OS version (client) | 10.4 |
| TheHive version / git hash | thehiveproject/thehive:3.4.0 / thehiveproject/cortex:3.0.0 |
| Package Type | Docker |
| Browser type & version | Chrome |
Problem Description
After initialising the Docker-compose (i.e. Hive, Cortex + Elastic) with XPACK enabled for Elastic, the Hive/Cortex configuration parameters mentioned at https://github.com/TheHive-Project/TheHiveDocs/blob/master/admin/configuration.md to enable SSL and force user/pass authentication don't seem to work. I managed to get it working by checking the elastic4play source code and finding the correct parameters.
Possible Solutions
Change the configuration example to match with the expected elastic4play variables. The below config diff worked for me :)
Current example (not working):
```
search {
  ...
  ### XPack SSL configuration
  # Username for XPack authentication
  #username
  # Password for XPack authentication
  #password
  # Enable SSL to connect to ElasticSearch
  ssl.enabled = false
  # Path to certificate authority file
  #ssl.ca
  # Path to certificate file
  #ssl.certificate
  # Path to key file
  #ssl.key
  ...
}
```
Working config:
```
search {
  ...
  uri = "https://elasticsearch_node1:9200"
  user = "the_hive"
  password = "wow_this_is_a_secret"
  keyStore.path = "/certs/thehive/thehive.pkcs12"
  keyStore.type = "PKCS12"
  keyStore.password = "even_more_secrets_here"
  trustStore.path = "/certs/ca/KeyStore.jks"
  trustStore.password = "and_more_secrets_there"
  ...
}
```
Complementary information
My elastic Docker-compose variables:
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=$CERTS_DIR/elasticsearch_node1/elasticsearch_node1.key
- xpack.security.http.ssl.certificate=$CERTS_DIR/elasticsearch_node1/elasticsearch_node11.crt
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
- xpack.security.transport.ssl.certificate=$CERTS_DIR/elasticsearch_node1/elasticsearch_node1.crt
- xpack.security.transport.ssl.key=$CERTS_DIR/elasticsearch_node1/elasticsearch_node1.key
This is important indeed, thanks for sharing your configuration!
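A small linter for the mismatch reported in this issue, as an added example that is not TheHive or elastic4play code: it flags the documented keys the reporter found to be ignored and any gaps against the reported working config. The key names and hints are assumptions taken from the two snippets in the issue, not from the elastic4play source, and the sample config is constructed.

```python
import re

# Key names come only from the two snippets in this issue (assumption: not
# verified against the elastic4play source). Values are the closest working key.
IGNORED = {"username": "user", "ssl.enabled": "an https:// uri",
           "ssl.ca": "trustStore.path", "ssl.certificate": "keyStore.path",
           "ssl.key": "keyStore.path"}

def parse_search_block(text):
    """Collect flat `key = value` settings from the first `search { ... }` block."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.match(r"search\s*\{", line) is not None
            continue
        if line == "}":
            break
        m = re.match(r"([A-Za-z][\w.]*)\s*[=:]\s*(.+)$", line)
        if m:  # comment lines (#...) and "..." never match the key pattern
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def lint(settings):
    """List keys the issue reports as ignored and gaps versus its working config."""
    findings = [f"{k}: reported as ignored; working config uses {IGNORED[k]}"
                for k in sorted(IGNORED.keys() & settings.keys())]
    uri = settings.get("uri", "")
    if not uri.startswith("https://"):
        findings.append("uri: not https://, unlike the working config")
    elif "trustStore.path" not in settings:
        findings.append("trustStore.path: https uri without the working config's CA trust store")
    if "user" not in settings or "password" not in settings:
        findings.append("user/password: the working config sets both")
    if "keyStore.path" in settings and "keyStore.password" not in settings:
        findings.append("keyStore.password: keyStore.path set without its password")
    return findings

# Constructed sample: the documented keys filled in with placeholder values.
OLD_STYLE = """search {
  uri = "http://elasticsearch_node1:9200"
  username = "the_hive"
  password = "placeholder"
  ssl.enabled = true
  ssl.ca = "/certs/ca/ca.crt"
}"""

if __name__ == "__main__":
    print("\n".join(lint(parse_search_block(OLD_STYLE))))
```

A `search` block using the working keys from the issue produces an empty findings list.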