evebox icon indicating copy to clipboard operation
evebox copied to clipboard

Published 20 hours ago verified publisher icon jasonish

Custom certificate authority for Elasticsearch connection

Open biolds opened this issue 1 year ago • 1 comments

Hello,

I'm trying to make Evebox connect to an Elasticsearch server using https with a certificate signed by a custom CA. I keep getting the following error:

2022-08-12 10:13:11 WARN rustls::conn: Sending fatal alert BadCertificate
2022-08-12 10:13:11 WARN evebox::server::main: Failed to get Elasticsearch version, will try again: Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("es-server")), port: Some(9200), path: "/", query: None, fragment: None }, source: hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnknownIssuer") } }) })

I was wondering if there is an option, an environment variable or any way to set a trusted CA.

Thanks

biolds avatar Aug 12 '22 09:08 biolds

No really yet. You can use the -k command line option to disable certificate validation.

Or if you try the latest development build, you can add your CA to your operating system's trusted CAs and EveBox should pick that up as well.

But right now there is no option to specify it within EveBox itself. I do plan to do this tho.

jasonish avatar Aug 15 '22 15:08 jasonish