-
Notifications
You must be signed in to change notification settings - Fork 146
Access clusters using SSL
It is completely possible to use elasticvue with a cluster that uses SSL, as long as your browser trusts your certificate.
The easiest solution is to use elasticvue desktop, this will automatically bypass certificate restrictions. Download
If you dont use elasticvue desktop you have multiple options:
To test if your browser accepts the certificate simply open the url to your cluster in your browser. If you see a certificate warning you will not be able to connect in elasticvue. Chose one of the following options to fix this:
Use a trusted certificate authority (like letsencrypt) to generate certificates for your cluster. This way your browser will accept the certificate automatically. This is mostly suited for production environments.
Manually import the servers CA to your browsers certificate store. The workflow might be different per browser or operating system, but for linux you can do the following:
Chrome: Settings / Security and Privacy / Security / Manage certificates / Authorities Tab / Import / Select your CA / Check "Trust this CA to identify websites."
Firefox: Settings / Privacy & Security / Certificates / View Certificates... / Authorities Tab / Import... / Select your CA / Check "Trust this CA to identify websites."
For elasticsearch 8 import the file elasticsearch/config/certs/http_ca.crt
- When you try to connect your (untrusted) SSL cluster in elasticvue it will show a red error message. This message includes a link to your cluster.
- Click on that link (or open the URL to your cluster manually in your browser)
- Your browser will warn you about your untrusted certificate. Trust the certificate (you may have to accept some warnings)
- Go back to elasticvue and test the connection again. You should be able to connect.
The drawback of this solution is that you might have to do that every time you reopen your browser. Trusting an untrusted certificate is usually only saved temporarily.
Use a local proxy server like simprox to bypass browser restrictions: Start the proxy:
simprox -h 127.0.0.1:7000 -t https://your.cluster.com --skip-ssl-verifyThen connect to http://localhost:7000 (http, not https!) in elasticvue. You still have to set username/password in elasticvue if your cluster uses authorization.
I know that this is not very convenient, but sadly these are the only options (that i am aware of). Because elasticvue runs completely in the browser it has to rely on the browser trusting the certificate. If the browser does not trust it then i cannot bypass that.