[Ingest Manager] Add support for Custom CA and TLS options when configuring the integration. #73489

ph · 2020-07-28T15:48:01Z

Some integrations (mostly metricbeat) allow to define TLS options on the module. We should allow a user to configure the options:

Certificate authorities (common): when authenticating the server.
Certificate: required when doing mutual authentication.
Certificate private key: required when doing mutual authentication.
key_passphrase: used to decode the private key.
verification_mode (advanced): Control how the client verifies the server.
supported protocol (advanced): define which version of TLS to use.
cipher_suites (advanced): Define which cipher is supported, required in some lock down environment.
curve_types (advanced): Define which ECDH curve to use.
renegotiation (advanced): Configure TLS renegotiation
client_authentication (advanced): Configure client authentication.
ca_sha256 (advanced): This configures a certificate pin that you can use to ensure that a specific certificate is part of the verified chain.

elasticmachine · 2020-07-28T15:48:04Z

Pinging @elastic/ingest-management (Team:Ingest Management)

ph · 2020-08-17T14:54:58Z

Can we make a stop gap feature to allow a user to define the option in a yaml box and have them reference a local path?

jen-huang · 2021-04-26T21:55:01Z

Closing this until #72718 (design task) is designed and specc'd.

ph added the Team:Fleet Team label for Observability Data Collection Fleet team label Jul 28, 2020

ph mentioned this issue Jul 28, 2020

[Fleet] Add support for custom Certificate Authorities, Certificate and Private keys. #73483

Open

8 tasks

ph assigned ph and unassigned ph Aug 17, 2020

jen-huang closed this as completed Apr 26, 2021

Provide feedback