[Help] You cannot pass CA certificates when verify SSL is off

[jungyoo601]

I configured the config.yaml file and then ran elastalert-create-index, but the following error occurred.

My config.yaml is as follows:
...
rules_folder: /home/elk/elastaert2/rules

'# How often ElastAlert will query Elasticsearch
'# The unit can be anything from weeks to seconds
run_every:
minutes: 1

'# ElastAlert will buffer results from the most recent
'# period of time, in case some log sources are not in real time
buffer_time:
#minutes: 15
minutes: 1

'# The Elasticsearch hostname for metadata writeback
'# Note that every rule can have its own Elasticsearch host
es_host: localhost

'# The Elasticsearch port
es_port: 9200

alert_time_limit:
days: 2

es_username: elastic
es_password: -
ca_certs: /home/home/ssl_cert/http.pem
use_ssl: True
verify_certs: False

[jertel]

Why are you giving it a ca_cert setting if you don't want it to verify SSL?

[jungyoo601]

Since it's a self-signed certificate, I understand that "verify_certs: True" should not be used.

[jungyoo601]

After changing it to "verify_certs: True" and running it, the error occurred.

[jungyoo601]

The PEM file is the same as the one used in the kibana.yml. Kibana is working correctly.

[jertel]

You can't have it both ways. Either you care about the certificates matching, or you don't.

If you don't care that the certificates fail to match then specify verify_certs: False and do not give it a ca_certs parameter.

If you do care and want the certificates to be verified then specify verify_certs: True.

If you are using a self-signed certificate then use verify_certs: True and specify the ca_cert parameter. This is the option you have selected.

The reason the last option isn't working is because you have a hostname mismatch. The hostname of the es_host parameter in ElastAlert 2 config must match the ES certificate's hostname.

[jungyoo601]

Thank you. I will start fresh with a new certificate.