connectors icon indicating copy to clipboard operation
connectors copied to clipboard

Published 20 hours ago verified publisher icon elastic

Add connector (e.g. S3) support for custom certificate authority

Open serenachou opened this issue 2 years ago • 10 comments

similar to #232 we need to support the ability for customers to set a custom CA for connection.

serenachou avatar Jan 24 '23 22:01 serenachou

related to #3763

serenachou avatar Jan 24 '23 22:01 serenachou

Hey @serenachou , we are planning to refer this doc[https://boto3.amazonaws.com/v1/documentation/api/1.9.185/_modules/boto3/session.html] and we'll update our client and resource method for adding a certificate in verify parameter for both the methods. This will be a optional parameter in connector specific configuration and default value for this will be None. Attaching screenshot for adding the syntax of verify parameter: Screenshot (34)

akanshi-crest avatar Feb 01 '23 07:02 akanshi-crest

This is on hold for now due to priority of other connectors sharepoint.

akanshi-elastic avatar Feb 13 '23 06:02 akanshi-elastic

@serenachou I am not sure to understand, can you explain how customers use a custom CA certificate with S3?

The S3 APIs are served by domains owned by Amazon, and they are present in the root certificate that is built-in in all servers OSes, and we already use an SSL connection right now and it works.

tarekziade avatar Feb 14 '23 15:02 tarekziade

@serenachou could you please confirm for the above comment from @tarekziade ? OR can we close the issue as it is in a waiting state for a long?

khusbu-crest avatar Mar 13 '23 07:03 khusbu-crest

@serenachou we are waiting for your confirmation for the above comment from @tarekziade ? OR can we close the issue as it is in a waiting state for a long?

khusbu-crest avatar Mar 27 '23 07:03 khusbu-crest

@khusbu-crest We'll keep this as part of the backlog review the custom CA topic as part of a larger initiative in the future.

danajuratoni avatar Apr 18 '23 09:04 danajuratoni

I was thinking we'd need it for S3 on outposts https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3outposts.html FWIW @tarekziade & for when customers have configured things like CloudFront with a custom ssl domain to access their data in their s3 buckets -> https://aws.amazon.com/cloudfront/custom-ssl-domains/

serenachou avatar Apr 18 '23 13:04 serenachou

PNC has an active project where they would really like to use our MongoDB custom connector client with a self-signed cert from their internal CA.

bradquarry avatar Nov 09 '23 18:11 bradquarry

This issue looks related to https://github.com/elastic/connectors/issues/1272

PNC has an active project where they would really like to use our MongoDB custom connector client with a self-signed cert from their internal CA.

@bradquarry the MongoDB connector already has support for specifying a custom certificate. See: https://github.com/elastic/connectors/pull/1937

seanstory avatar Jan 15 '24 19:01 seanstory