[ZBXNEXT-6277] Impossible to use Elasticsearch with self-signed CA Created: 2020 Oct 19  Updated: 2020 Oct 23

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: None
Fix Version/s: None

Type: Change Request Priority: Medium
Reporter: Alexey Pustovalov Assignee: Zabbix Development Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Currently if Elasticsearch is enabled for Zabbix web-interface it is impossible to use HTTPS with self-signed CA.

To enable self-signed CA currently only two possible ways:
A way:
1. Add CA to /etc/ssl/certs/
2. Execute:

  update-ca-certificates

B way:
Modify CElasticsearchHelper.php sources:

diff --git a/ui/include/classes/helpers/CElasticsearchHelper.php b/ui/include/classes/helpers/CElasticsearchHelper.php
index 79bfa1837e..d0339b9ed6 100644
--- a/ui/include/classes/helpers/CElasticsearchHelper.php
+++ b/ui/include/classes/helpers/CElasticsearchHelper.php
@@ -45,9 +45,14 @@ class CElasticsearchHelper {
                        'http' => [
                                'header'  => "Content-Type: application/json; charset=UTF-8",
                                'method'  => $method,
-                               'ignore_errors' => true // To get error messages from Elasticsearch.
-                       ]
-               ];
+                               'ignore_errors' => true, // To get error messages from Elasticsearch.
+                       ],
+               'ssl' => [
+                        'cafile' => "/etc/ssl/certs/ca-certificates.crt",
+                        'verify_peer'=> true,
+                        'verify_peer_name'=> true
+                   ]
+           ];
 
                if ($request) {
                        $request = json_encode($request);

Generated at Fri Apr 03 13:07:45 EEST 2026 using Jira 10.3.13#10030013-sha1:56dd970ae30ebfeda3a697d25be1f6388b68a422.