Accept TLS/SSL certificates without having to manually create a JKS? #115

Closed
sgreszcz opened this issue Dec 9, 2019 · 2 comments

sgreszcz commented Dec 9, 2019

There is no simple way to accept TLS/SSL certificates using the http_poller input. Using something like Python's "requests" library or Postman allows a flag to be set to automatically accept certificates.

Having to manually pre-build a JKS is not easy to automate and scale, especially in a Logstash/Docker deployment for ingesting data.

  • Version: 7.5.0
  • Operating System: Ubuntu 18.04 (Logstash in official Docker)
  • Config File (if you have sensitive info, please remove it):
input {
    http_poller {
        urls => {
            UCM_SOAP => {
                method => post
                url => "https://some_server:8443/logcollectionservice2/services/LogCollectionPortTypeService?wsdl"
                auth => {
                    user => "user"
                    password => "password"
                }
                headers => {
                    "Content-Type" => "text/xml"
                    "SOAPAction" => "CUCM:DB ver=12.5"
                }
                body =>
'<!--LogCollection API - SelectLogFiles - Request-->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap">
<soapenv:Header/>
<soapenv:Body>
<soap:selectLogFiles>
<soap:FileSelectionCriteria>
<soap:ServiceLogs>
<soap:item></soap:item>
</soap:ServiceLogs>
<soap:SystemLogs>
<soap:item>Cisco RIS Data Collector PerfMonLog</soap:item>
</soap:SystemLogs>
<soap:SearchStr></soap:SearchStr>
<soap:Frequency>OnDemand</soap:Frequency>
<soap:JobType>PushtoSFTPServer</soap:JobType>
<soap:ToDate></soap:ToDate>
<soap:FromDate></soap:FromDate>
<soap:TimeZone></soap:TimeZone>
<soap:RelText>Days</soap:RelText>
<soap:RelTime>5</soap:RelTime>
<soap:Port>22</soap:Port>
<soap:IPAddress>some_server</soap:IPAddress>
<soap:UserName>user</soap:UserName>
<soap:Password>password</soap:Password>
<soap:ZipInfo>false</soap:ZipInfo>
<soap:RemoteFolder>/data/test/</soap:RemoteFolder>
</soap:FileSelectionCriteria>
</soap:selectLogFiles>
</soapenv:Body>
</soapenv:Envelope>'
            }
        }
        request_timeout => 60
        # Supports "cron", "every", "at" and "in" schedules by rufus scheduler
        schedule => { cron => "* * * * * UTC" }
    }
}

output {
  stdout {
    codec => rubydebug
  }
}
  • Sample Data:
    "http_request_failure" => {
              "backtrace" => nil,
                  "error" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
  • Steps to Reproduce:

Use the Logstash Docker container with any http_poller input and a self-signed HTTPS endpoint.


sgreszcz commented Dec 9, 2019

According to issue #96 this was possible before. Can we please reinstate the "ignore" flag with:

ssl => true
ssl_certificate_verification => false

@edmocosta
Contributor

Closing this issue as it seems to be already supported by newer versions of the plugin.
Although it's not recommended, it's possible to ignore the certificate validation by setting the ssl_verification_mode to none. Another option to avoid creating a JKS is setting the CAs using PEM certificates (cacert).
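
The two options named in the comment above, side by side, as an added example that is not part of the issue thread or the plugin's own documentation. The URL and the UCM_SOAP key are reused from the reporter's config (auth, headers and body omitted for brevity); the PEM path is an assumed container mount point.

```logstash
input {
  http_poller {
    urls => {
      UCM_SOAP => {
        method => post
        url => "https://some_server:8443/logcollectionservice2/services/LogCollectionPortTypeService?wsdl"
      }
    }
    schedule => { cron => "* * * * * UTC" }

    # Weak setting: certificate validation is skipped, so any host able to
    # intercept the connection receives the poller's credentials and request body.
    # ssl_verification_mode => "none"

    # Preferred setting: validation stays on and the only trust anchor is the
    # PEM file holding the endpoint's issuing CA (or the self-signed
    # certificate itself). No JKS has to be built.
    # Assumed path: a read-only volume mounted into the Logstash container.
    cacert => "/usr/share/logstash/config/certs/ucm-ca.pem"

    # With validation on, the host name in the URL must also match a name
    # in the server certificate.
  }
}
```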
