Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Synthetics] Document how to mount and use an alternative CA #2855

Closed
paulb-elastic opened this issue Apr 12, 2023 · 7 comments
Closed

[Synthetics] Document how to mount and use an alternative CA #2855

paulb-elastic opened this issue Apr 12, 2023 · 7 comments
Labels
Area:Synthetics Synthetics Docs Issue Request Team:Docs Label for the Observability docs team

Comments

@paulb-elastic
Copy link
Contributor

Description

We’ve had some questions about trying to use custom CAs when running synthetic (browser) monitors (typically on Private Locations, for internal systems using alternate CAs).

Although in the longer term we want to make this easier (for example, be able to define CAs at push time), this won’t be something we’ll prioritise right now, so should document this.

This isn't needed for the GA launch of Synthetics, but would be useful to add soon after.

Resources

Came up recently in elastic/synthetics#717

Collaboration

TBD. The docs and product team will work together to determine the best path forward.

Point of contact.

Main contact: @andrewvc

Stakeholders:
@paulb-elastic paulb-elastic added Team:Docs Label for the Observability docs team Request Area:Synthetics Synthetics Docs Issue labels Apr 12, 2023
@GeorgeGkinis
Copy link

Why not add the CA as a global parameter?
This could be done in synthetics.config.ts

I am trying to find how this should be done..

@bmorelli25
Copy link
Member

Deprioritizing this on the doc side after our convo in docs monthly sync.

@pa-jberanek
Copy link

Just hitting an issue around this, for doing Synthetics monitoring of internal systems using an internal CA.

We have a project to upload monitors, and tried to use this YAML monitor config and the push throws an error:

  ssl:
    certificate_authorities:
      - |
        -----BEGIN CERTIFICATE-----
        MIID/DCCAuSgAwIBAgITXAAAAAbUoPCyr3Aq1AAAAAAABjANBgkqhkiG9w0BAQsF
        ADAVMRMwEQYDVQQDEwpQQS1Sb290LUNBMB4XDTE2MDQxNTE2MjU0MloXDTI1MTEw

The error:

   > Monitor is not a valid monitor of type http: monitor(my-http-monitor)
       Invalid value "["-----BEGIN CERTIFICATE-----\nMIID/DCCAuSgAwIBAgITXAAAAAbUoPCyr3Aq1AAAAAAABjANBgkqhkiG9w0BAQsF\nADAVMRMwEQYDVQQDEwpQQS1Sb290LUNBMB4XDTE2MDQxNTE2MjU0MloXDTI1MTEw\nNDA5MjYzNFowRjETMBEGCgmSJomT8ixkARkWA3B2dDESMBAGCgmSJomT8ixkARkW\nAmFkMRswGQYDVQQDExJQQS1pbnRlcm1lZGlhdGUtQ0EwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQCob9kGThWWoG8oiH3SPVL5TQhUnbspr6j8AWXoH54W\n1+USXaGrrflKbVIh+/B/Ls5DQkpHSjSUT3SNbn85EM1rhZSltOnpE
etc.
etc.
oOLEgl6eRuNrM/NsRd18kZOQL5l4jism6OzEb\nm1W8zBZcailsSThJugwfjfJnn/NLIrjYk76W/k8xGJ1sHfbZlAgoZS5AgW9A3f4I\nyVb0RZozH8RRaIEsjuZ4ZkPG8y9/WqT2nPf6zmmmGpBc1AlzBcudhFkgXcUC4+4J\n/XugfLweYGc8\n-----END CERTIFICATE-----\n"]" supplied to "ssl.certificate_authorities"

@vigneshshanmugam
Copy link
Member

Unfortunately, the SSL configurations are not supported via the Project monitors API at the moment - elastic/synthetics#599

@pa-jberanek
Copy link

Unfortunately, the SSL configurations are not supported via the Project monitors API at the moment - elastic/synthetics#599

We're currently working around it by disabling certificate validation entirely - but that's hardly ideal.

@pa-jberanek
Copy link

Just found elastic/synthetics#717 so will go and look at if that still works...

@vigneshshanmugam
Copy link
Member

Will be closed by #3834

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area:Synthetics Synthetics Docs Issue Request Team:Docs Label for the Observability docs team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@vigneshshanmugam @bmorelli25 @GeorgeGkinis @pa-jberanek @paulb-elastic