Manoj Agarwal

Reputation: 385

Perl Search::Elasticsearch doesn't work with SSL enabled node with Self-signed certificate

I am using the Perl wrapper for Elasticsearch, "Search::Elasticsearch". I create an object as follows:

use Search::Elasticsearch;
my $e = Search::Elasticsearch->new( nodes => "192.168.0.66:9200", debug => 1);

It works fine and I can query the Elasticsearch node using this object. Then I try to connect to an Elasticsearch node that has SSL enabled with a self-signed certificate. I use the following command:

use Search::Elasticsearch;
my $e = Search::Elasticsearch->new( nodes => "192.168.0.66:9200", use_https => 1, userinfo => "testuser:testpwd", debug => 1);

But it doesn't work.

If I query Elasticsearch with curl, I use the following command:

curl https://testuser:testpwd@192.168.0.66:9200

This also doesn't work. When I use the -k switch with curl:

curl https://testuser:testpwd@192.168.0.66:9200 -k

Then it works fine. I get a response from the Elasticsearch node.

Now I want to use the same procedure to query the same SSL-enabled Elasticsearch node using the Perl module Search::Elasticsearch. What is the right syntax, and how and where do I define the '-k' switch?

Upvotes: 2

Views: 401

Answers (1)

Val

Reputation: 217564

Using -k is a synonym for --insecure, so curl doesn't verify the certificate. The question is then, how useful is it to query over an encrypted SSL channel while allowing insecure connections?

That kind of defeats the purpose of using SSL in the first place, right?

If you have the CA that signed the certificate (which you should), then you should use it with the --cacert curl switch:

curl --cacert /path/to/cacert.pem https://testuser:testpwd@192.168.0.66:9200

Or with Perl you can also specify the CA cert in the ssl_options:

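use Search::Elasticsearch;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER

my $es = Search::Elasticsearch->new(
    nodes => [
        "192.168.0.66:9200"
    ],
    use_https => 1,     # the node is given without a scheme, so request HTTPS explicitly
    userinfo => "testuser:testpwd",
    debug => 1,
    ssl_options => {
        SSL_verify_mode     => SSL_VERIFY_PEER,        # verify the server certificate
        SSL_ca_file         => '/path/to/cacert.pem',  # CA that signed the node's certificate
        SSL_verifycn_scheme => 'http',                 # match the certificate to the host using HTTP rules
    }
);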

Upvotes: 4
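An added example, not part of the answer above: with verification left on (curl without -k, or SSL_VERIFY_PEER plus SSL_verifycn_scheme in Perl), a client that connects by IP address needs a certificate that both chains to the CA file and covers that address, normally through an IP subjectAltName. The script checks both conditions with the openssl CLI on throwaway certificates constructed for the demonstration; the helper names are hypothetical and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Certificates are constructed test data; helper names are hypothetical.

# make_self_signed DIR NAME [SAN]: write DIR/NAME.pem and DIR/NAME.key (needs OpenSSL >= 1.1.1).
make_self_signed() {
    dir=$1; name=$2; san=${3:-}
    set -- req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.pem"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl "$@" >/dev/null 2>&1
}

# trusted_by CERT CAFILE: does CERT chain to CAFILE (the --cacert / SSL_ca_file decision)?
trusted_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# covers_ip CERT IP: does CERT list IP as an iPAddress subjectAltName?
covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# usable_for CERT CAFILE IP: both checks a verifying client has to pass.
usable_for() {
    trusted_by "$1" "$2" && covers_ip "$1" "$3"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_self_signed "$tmp" with-san "IP:192.168.0.66" || return 1
    make_self_signed "$tmp" no-san || return 1
    for c in with-san no-san; do
        # A self-signed certificate is its own issuer, so it doubles as the CA file.
        if usable_for "$tmp/$c.pem" "$tmp/$c.pem" 192.168.0.66; then
            echo "$c: passes chain and address checks"
        else
            echo "$c: chain or address check fails"
        fi
    done
    rm -rf "$tmp"
}
demo
```

To check a real node, run `usable_for` on its certificate, the file you intend to pass as `--cacert` or `SSL_ca_file`, and the address you connect to.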
