Loading...

XML

Word

Printable

Type: Change Request
Resolution: Unresolved
Priority: Medium
Fix Version/s: None
Affects Version/s: None
Component/s: Frontend (F)
Labels:
None

Currently if Elasticsearch is enabled for Zabbix web-interface it is impossible to use HTTPS with self-signed CA.

To enable self-signed CA currently only two possible ways:
A way:
1. Add CA to /etc/ssl/certs/
2. Execute:

  update-ca-certificates

B way:
Modify CElasticsearchHelper.php sources:

diff --git a/ui/include/classes/helpers/CElasticsearchHelper.php b/ui/include/classes/helpers/CElasticsearchHelper.php
index 79bfa1837e..d0339b9ed6 100644
--- a/ui/include/classes/helpers/CElasticsearchHelper.php
+++ b/ui/include/classes/helpers/CElasticsearchHelper.php
@@ -45,9 +45,14 @@ class CElasticsearchHelper {
                        'http' => [
                                'header'  => "Content-Type: application/json; charset=UTF-8",
                                'method'  => $method,
-                               'ignore_errors' => true // To get error messages from Elasticsearch.
-                       ]
-               ];
+                               'ignore_errors' => true, // To get error messages from Elasticsearch.
+                       ],
+               'ssl' => [
+                        'cafile' => "/etc/ssl/certs/ca-certificates.crt",
+                        'verify_peer'=> true,
+                        'verify_peer_name'=> true
+                   ]
+           ];
 
                if ($request) {
                        $request = json_encode($request);

Assignee:: Zabbix Development Team

Reporter:: Alexey Pustovalov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2020 Oct 19 15:50

Updated:: 2020 Oct 23 00:05

Details

Description

Attachments

Activity

People

Dates