Airgap Security Artifact Registry - Use CA file for validation #478
Comments
|
There may also be a bug in relation to this: Although the download is having issues, the Agent shows as "Healthy". I would think the "Download Global Artifacts" ought to show warning/error to indicate there is an issue to investigate. |
|
@nfritts FYI |
|
Thank you for highlighting this user experience problem. The immediate mitigation for it in custom artifacts setup, which should be mentioned in the guide (https://www.elastic.co/guide/en/security/current/offline-endpoint.html), is to verify your config with
Elastic Defend reports policy error if artifacts are missing, or user explicitly configured a specific version (https://www.elastic.co/guide/en/security/8.12/artifact-control.html) which failed to download. Otherwise Elastic Defend is using currently cached artifacts, reporting healthy status, assuming it'll download eventual artifacts update at next update interval. In 8.12 we've added an enhancement to bring some clarity how old are the cached artifacts https://docs.elastic.co/en/integrations/endpoint Enhancement View pull request |
Attempting to use the Configure offline endpoints and air-gapped environments (https://www.elastic.co/guide/en/security/current/offline-endpoint.html).
The self-hosted https server is using a self-signed cert / internal CA. When it attempts to download the new endpoint artifacts, I get:
[elastic_agent.endpoint_security][error] Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self signed certificate in certificate chain]Feature request would be the option to point to a CA file or text block for trusted ca cert for validation of self-signed certs, alongside the base_url .
The text was updated successfully, but these errors were encountered: