'wazuh-certs-generator' doesn't work in air-gapped or offline environments #1694

Open
spatterIight opened this issue Jan 16, 2025 · 3 comments
spatterIight commented Jan 16, 2025

Since the wazuh-certs-generator docker image does not have wazuh-certs-tool.sh baked into the image it is fetched at run-time using curl from an S3 bucket.

This is not ideal since it requires an outbound internet connection, which may not be available in the security hardened environments that Wazuh is deployed to.

Would it be possible to include this script in the image, so it can work in isolated environments?

Thanks

@spatterIight
Author

Additionally, when run in such an environment there is no error to indicate what the problem is. It just hangs silently forever:

Image

@vcerenu vcerenu self-assigned this Jan 27, 2025
@vcerenu
Member

vcerenu commented Jan 27, 2025

Hello @spatterIight

The image for creating certificates is a method of help for users that we created to speed up the deployment process. We normally generate new binaries of the wazuh-cert-tool.sh tools, so we do not tie the use of this binary to the image and we download it at the moment, so we require an internet connection for its use.

If you need to use a method of creating certificates offline, I recommend that you download the tool on your own and then use it. The way of use is simple, and if you need help you can guide yourself with the entrypoint of the image to know what changes to make:
https://github.com/wazuh/wazuh-docker/blob/v4.10.1/indexer-certs-creator/config/entrypoint.sh

This image will be deprecated in future versions, so we are not generating new developments in it, but if it generates any error in your deployment, let us know so we can verify it.

@spatterIight
Author

thanks, appreciate it

for now I have modified the entry point of the image to load the script from the local file system instead of downloading it from the internet
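The workaround discussed in this thread, sketched as an added example that is not part of the original comments and is not the project's entrypoint: prefer a local copy of the script, bound any download with timeouts so it fails loudly instead of hanging, and optionally pin a SHA-256. The function names, the return codes and the `LOCAL_TOOL`, `TOOL_URL` and `TOOL_SHA256` variables are hypothetical.

```shell
#!/bin/sh
# Added example. All names here are hypothetical, not taken from wazuh-docker.

# Check a file against a pinned SHA-256; skipped when no hash is given.
verify_tool() {
    file=$1; expected=$2
    if [ -z "$expected" ]; then
        return 0
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "ERROR: checksum mismatch for $file" >&2
        return 1
    fi
}

# Print the path of a usable cert tool, or fail with a clear message.
# Return codes: 2 = no local copy and no URL, 3 = bad checksum, 4 = download failed.
resolve_cert_tool() {
    local_tool=$1; url=$2; expected=$3
    if [ -f "$local_tool" ]; then
        # Air-gapped path: use the copy baked into the image or bind-mounted.
        verify_tool "$local_tool" "$expected" || return 3
        echo "$local_tool"
        return 0
    fi
    if [ -z "$url" ]; then
        echo "ERROR: $local_tool not found and no download URL set" >&2
        return 2
    fi
    tmp=$(mktemp) || return 4
    # --fail turns HTTP errors into a non-zero exit; the two timeouts bound
    # the wait so a blocked egress path produces an error, not a silent hang.
    if ! curl --fail --silent --show-error \
            --connect-timeout 10 --max-time 60 -o "$tmp" "$url"; then
        echo "ERROR: could not download cert tool from $url" >&2
        rm -f "$tmp"
        return 4
    fi
    verify_tool "$tmp" "$expected" || { rm -f "$tmp"; return 3; }
    echo "$tmp"
}

# Usage inside an entrypoint (variables are assumptions):
#   tool=$(resolve_cert_tool "$LOCAL_TOOL" "$TOOL_URL" "$TOOL_SHA256") || exit 1
```
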
