diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index ce9f4ddcb7e..f7ec0464c3a 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -516,7 +516,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -653,7 +653,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -859,7 +859,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1028,7 +1028,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1320,7 +1320,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1523,7 +1523,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 3b0fd8c2fb0..f17e11f5efb 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1449,7 +1449,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1586,7 +1586,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1792,7 +1792,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1961,7 +1961,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -2253,7 +2253,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -2456,7 +2456,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index d461904c6b2..18779b0ab2a 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -662,7 +662,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -799,7 +799,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1005,7 +1005,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1174,7 +1174,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1466,7 +1466,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1669,7 +1669,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/libbeat/_meta/config/ssl.reference.yml.tmpl b/libbeat/_meta/config/ssl.reference.yml.tmpl index e726198e713..3f405ec4889 100644 --- a/libbeat/_meta/config/ssl.reference.yml.tmpl +++ b/libbeat/_meta/config/ssl.reference.yml.tmpl @@ -54,4 +54,4 @@ # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. -#ssl.es_ca_fingerprint: "" +#ssl.ca_trusted_fingerprint: "" diff --git a/libbeat/common/transport/tlscommon/config.go b/libbeat/common/transport/tlscommon/config.go index a922b04d2d8..0bb2e35c20c 100644 --- a/libbeat/common/transport/tlscommon/config.go +++ b/libbeat/common/transport/tlscommon/config.go @@ -30,16 +30,16 @@ var warnOnce sync.Once // Config defines the user configurable options in the yaml file. type Config struct { - Enabled *bool `config:"enabled" yaml:"enabled,omitempty"` - VerificationMode TLSVerificationMode `config:"verification_mode" yaml:"verification_mode"` // one of 'none', 'full' - Versions []TLSVersion `config:"supported_protocols" yaml:"supported_protocols,omitempty"` - CipherSuites []CipherSuite `config:"cipher_suites" yaml:"cipher_suites,omitempty"` - CAs []string `config:"certificate_authorities" yaml:"certificate_authorities,omitempty"` - Certificate CertificateConfig `config:",inline" yaml:",inline"` - CurveTypes []tlsCurveType `config:"curve_types" yaml:"curve_types,omitempty"` - Renegotiation TlsRenegotiationSupport `config:"renegotiation" yaml:"renegotiation"` - CASha256 []string `config:"ca_sha256" yaml:"ca_sha256,omitempty"` - ESCAFingerprint string `config:"es_ca_fingerprint" yaml:"es_ca_fingerprint,omitempty"` + Enabled *bool `config:"enabled" yaml:"enabled,omitempty"` + VerificationMode TLSVerificationMode `config:"verification_mode" yaml:"verification_mode"` // one of 'none', 'full' + Versions []TLSVersion `config:"supported_protocols" yaml:"supported_protocols,omitempty"` + CipherSuites []CipherSuite `config:"cipher_suites" yaml:"cipher_suites,omitempty"` + CAs []string `config:"certificate_authorities" yaml:"certificate_authorities,omitempty"` + Certificate CertificateConfig `config:",inline" yaml:",inline"` + CurveTypes []tlsCurveType `config:"curve_types" yaml:"curve_types,omitempty"` + Renegotiation TlsRenegotiationSupport `config:"renegotiation" yaml:"renegotiation"` + CASha256 []string `config:"ca_sha256" yaml:"ca_sha256,omitempty"` + CATrustedFingerprint string `config:"ca_trusted_fingerprint" yaml:"ca_trusted_fingerprint,omitempty"` } // LoadTLSConfig will load a certificate from config with all TLS based keys @@ -83,15 +83,15 @@ func LoadTLSConfig(config *Config) (*TLSConfig, error) { // return config if no error occurred return &TLSConfig{ - Versions: config.Versions, - Verification: config.VerificationMode, - Certificates: certs, - RootCAs: cas, - CipherSuites: config.CipherSuites, - CurvePreferences: curves, - Renegotiation: tls.RenegotiationSupport(config.Renegotiation), - CASha256: config.CASha256, - ESCAFingerprint: config.ESCAFingerprint, + Versions: config.Versions, + Verification: config.VerificationMode, + Certificates: certs, + RootCAs: cas, + CipherSuites: config.CipherSuites, + CurvePreferences: curves, + Renegotiation: tls.RenegotiationSupport(config.Renegotiation), + CASha256: config.CASha256, + CATrustedFingerprint: config.CATrustedFingerprint, }, nil } diff --git a/libbeat/common/transport/tlscommon/tls_config.go b/libbeat/common/transport/tlscommon/tls_config.go index bfdf2319588..a2e861e51bc 100644 --- a/libbeat/common/transport/tlscommon/tls_config.go +++ b/libbeat/common/transport/tlscommon/tls_config.go @@ -77,10 +77,9 @@ type TLSConfig struct { // the server certificate. CASha256 []string - // ESCAFingerprint is the CA certificate pin, in HEX form, from Elasticsearch self - // generated CA cartificate. We use that to trust self-signed certificates generated - // by Elasticsearch - ESCAFingerprint string `config:"es_ca_fingerprint" yaml:"es_ca_fingerprint,omitempty"` + // CATrustedFingerprint is the CA certificate pin, in HEX form, from a self + // generated CA cartificate. + CATrustedFingerprint string `config:"ca_trusted_fingerprint" yaml:"ca_trusted_fingerprint,omitempty"` // time returns the current time as the number of seconds since the epoch. // If time is nil, TLS uses time.Now. @@ -159,8 +158,8 @@ func (c *TLSConfig) BuildServerConfig(host string) *tls.Config { return config } -func trustESRootCA(cfg *TLSConfig, peerCerts []*x509.Certificate) error { - fingerprint, err := hex.DecodeString(cfg.ESCAFingerprint) +func trustRootCA(cfg *TLSConfig, peerCerts []*x509.Certificate) error { + fingerprint, err := hex.DecodeString(cfg.CATrustedFingerprint) if err != nil { return fmt.Errorf("decode fingerprint: %w", err) } @@ -190,8 +189,8 @@ func makeVerifyConnection(cfg *TLSConfig) func(tls.ConnectionState) error { switch cfg.Verification { case VerifyFull: return func(cs tls.ConnectionState) error { - if cfg.ESCAFingerprint != "" { - if err := trustESRootCA(cfg, cs.PeerCertificates); err != nil { + if cfg.CATrustedFingerprint != "" { + if err := trustRootCA(cfg, cs.PeerCertificates); err != nil { return err } } @@ -212,8 +211,8 @@ func makeVerifyConnection(cfg *TLSConfig) func(tls.ConnectionState) error { } case VerifyCertificate: return func(cs tls.ConnectionState) error { - if cfg.ESCAFingerprint != "" { - if err := trustESRootCA(cfg, cs.PeerCertificates); err != nil { + if cfg.CATrustedFingerprint != "" { + if err := trustRootCA(cfg, cs.PeerCertificates); err != nil { return err } } @@ -231,8 +230,8 @@ func makeVerifyConnection(cfg *TLSConfig) func(tls.ConnectionState) error { case VerifyStrict: if len(cfg.CASha256) > 0 { return func(cs tls.ConnectionState) error { - if cfg.ESCAFingerprint != "" { - if err := trustESRootCA(cfg, cs.PeerCertificates); err != nil { + if cfg.CATrustedFingerprint != "" { + if err := trustRootCA(cfg, cs.PeerCertificates); err != nil { return err } } diff --git a/libbeat/docs/shared-ssl-config.asciidoc b/libbeat/docs/shared-ssl-config.asciidoc index 1c20e6b8565..ab6734d97e0 100644 --- a/libbeat/docs/shared-ssl-config.asciidoc +++ b/libbeat/docs/shared-ssl-config.asciidoc @@ -219,6 +219,16 @@ NOTE: This check is not a replacement for the normal SSL validation, but it adds If this option is used with `verification_mode` set to `none`, the check will always fail because it will not receive any verified chains. +[float] +[[_ca_trusted_fingerprint]] +==== `ca_trusted_fingerprint` +This configures a certificate pin that you can use to trust and pin a +root CA without providing the certificate under +`certificate_authorities` + +The pin is the HEX encoded SHA-256 of the certificate. + + [discrete] [[ssl-client-config]] === Client configuration options diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index d2876f6877b..cd41034a622 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1359,7 +1359,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1496,7 +1496,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1702,7 +1702,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1871,7 +1871,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -2163,7 +2163,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -2366,7 +2366,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 6150de6ac17..9bc5b09b5b3 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1011,7 +1011,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1148,7 +1148,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1354,7 +1354,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1523,7 +1523,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1815,7 +1815,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -2018,7 +2018,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index 8adad71a5d6..f561879f077 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -445,7 +445,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -582,7 +582,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -788,7 +788,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -957,7 +957,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1249,7 +1249,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1452,7 +1452,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 6938e4aeaa7..2c5b326bec2 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -572,7 +572,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -709,7 +709,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -915,7 +915,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1084,7 +1084,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1376,7 +1376,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1579,7 +1579,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 420f44d6e7a..23ced856deb 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -3602,7 +3602,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -3739,7 +3739,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -3945,7 +3945,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -4114,7 +4114,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -4406,7 +4406,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -4609,7 +4609,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 706a2078a00..023597f4ad3 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -694,7 +694,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -831,7 +831,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1104,7 +1104,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1307,7 +1307,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml index d461904c6b2..18779b0ab2a 100644 --- a/x-pack/heartbeat/heartbeat.reference.yml +++ b/x-pack/heartbeat/heartbeat.reference.yml @@ -662,7 +662,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -799,7 +799,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1005,7 +1005,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1174,7 +1174,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1466,7 +1466,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1669,7 +1669,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 7b6c88f43b2..2171b1dc171 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1880,7 +1880,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -2017,7 +2017,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -2223,7 +2223,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -2392,7 +2392,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -2684,7 +2684,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -2887,7 +2887,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml index 60df83abde8..e87e81be583 100644 --- a/x-pack/osquerybeat/osquerybeat.reference.yml +++ b/x-pack/osquerybeat/osquerybeat.reference.yml @@ -413,7 +413,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -550,7 +550,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -823,7 +823,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1026,7 +1026,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index 6150de6ac17..9bc5b09b5b3 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -1011,7 +1011,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1148,7 +1148,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -1354,7 +1354,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1523,7 +1523,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1815,7 +1815,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -2018,7 +2018,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index 651222f3714..fe6f27e2a30 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -488,7 +488,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -625,7 +625,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # The number of times to retry publishing an event after a publishing failure. # After the specified number of retries, the events are typically dropped. @@ -831,7 +831,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true @@ -1000,7 +1000,7 @@ output.elasticsearch: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # -------------------------------- File Output --------------------------------- @@ -1292,7 +1292,7 @@ setup.kibana: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # ================================== Logging =================================== @@ -1495,7 +1495,7 @@ logging.files: # A root CA HEX encoded fingerprint used to trust and pin this certificate. # This enables compatibility with Elasticserach self signed certificates as well as trusting # and pinning any other self-signed certificate. - #ssl.es_ca_fingerprint: "" + #ssl.ca_trusted_fingerprint: "" # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. #kerberos.enabled: true