-
Change Request
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
None
Currently if Elasticsearch is enabled for Zabbix web-interface it is impossible to use HTTPS with self-signed CA.
To enable self-signed CA currently only two possible ways:
A way:
1. Add CA to /etc/ssl/certs/
2. Execute:
update-ca-certificates
B way:
Modify CElasticsearchHelper.php sources:
diff --git a/ui/include/classes/helpers/CElasticsearchHelper.php b/ui/include/classes/helpers/CElasticsearchHelper.php index 79bfa1837e..d0339b9ed6 100644 --- a/ui/include/classes/helpers/CElasticsearchHelper.php +++ b/ui/include/classes/helpers/CElasticsearchHelper.php @@ -45,9 +45,14 @@ class CElasticsearchHelper { 'http' => [ 'header' => "Content-Type: application/json; charset=UTF-8", 'method' => $method, - 'ignore_errors' => true // To get error messages from Elasticsearch. - ] - ]; + 'ignore_errors' => true, // To get error messages from Elasticsearch. + ], + 'ssl' => [ + 'cafile' => "/etc/ssl/certs/ca-certificates.crt", + 'verify_peer'=> true, + 'verify_peer_name'=> true + ] + ]; if ($request) { $request = json_encode($request);