I am using the Perl wrapper for Elasticsearch, "Search::Elasticsearch". I create an object as follows:
    use Search::Elasticsearch;
    my $e = Search::Elasticsearch->new( nodes => "192.168.0.66:9200", debug => 1);
It works fine and I can query the Elasticsearch node using this object. Then I try to connect to an Elasticsearch node that is enabled for SSL using a self-signed certificate. I use the following command:
    use Search::Elasticsearch;
    my $e = Search::Elasticsearch->new( nodes => "192.168.0.66:9200", use_https => 1, userinfo => "testuser:testpwd", debug => 1);
But it doesn't work.
If I use curl to query Elasticsearch, I use the following command:
    curl https://testuser:testpwd@192.168.0.67:9200
This also doesn't work. When I use the -k switch with curl:
    curl https://testuser:testpwd@192.168.0.67:9200 -k
Then it works fine. I get response from Elasticsearch node.
Now I want to use the same procedure to query the same SSL-enabled Elasticsearch node using the Perl module Search::Elasticsearch. What is the right syntax, and how and where do I define the '-k' switch?
Using -k is a synonym for --insecure, so curl doesn't verify the certificate. The question is then, how useful is it to query over an encrypted SSL channel while allowing insecure connections?
That kind of defeats the purpose of using SSL in the first place, right?
If you have the CA that signed the certificate (which you should), then you should use it with the --cacert curl switch:
    curl --cacert /path/to/cacert.pem https://testuser:testpwd@192.168.0.67:9200
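Or, with Perl, you can also specify the CA cert in the ssl_options:
    use Search::Elasticsearch;
    use IO::Socket::SSL;    # exports the SSL_VERIFY_PEER constant
    my $es = Search::Elasticsearch->new(
        nodes => [
            "192.168.0.66:9200"
        ],
        # Needed because the node is given without a scheme; otherwise
        # the client connects over plain HTTP and ssl_options is unused.
        use_https => 1,
        userinfo => "testuser:testpwd",
        debug => 1,
        ssl_options => {
            # Verify the server certificate against the CA file below
            SSL_verify_mode => SSL_VERIFY_PEER,
            SSL_ca_file => '/path/to/cacert.pem',
            # Check the certificate's name using the rules for HTTP(S)
            SSL_verifycn_scheme => 'http',
        }
    );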
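The following pre-flight check is an added example, not part of the question or answer above: before a file is passed to curl --cacert or SSL_ca_file, it uses the openssl CLI to confirm that the node certificate chains to that file (a self-signed certificate acts as its own CA file) and that it lists the node's address as an IP subjectAltName, a common reason verification still fails once -k is removed. The function names and the certificates generated for the demo are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
# Assumes OpenSSL 1.1.1 or later on PATH (needed for "req -addext").

# check_node_cert CA_FILE CERT_FILE NODE_IP
#   0 = CERT_FILE chains to CA_FILE and lists NODE_IP as an IP subjectAltName
#   1 = chain or validity-period check failed
#   2 = chain is fine but the certificate does not cover NODE_IP
check_node_cert() {
    ca=$1; cert=$2; ip=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -in "$cert" -noout -checkip "$ip" 2>/dev/null \
        | grep -q "does match certificate" || return 2
    return 0
}

# make_selfsigned DIR NAME SAN
#   Writes a constructed, throwaway self-signed certificate to DIR/NAME.pem.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# report LABEL CA_FILE CERT_FILE NODE_IP: print the verdict for one case.
report() {
    rc=0
    check_node_cert "$2" "$3" "$4" || rc=$?
    echo "$1: exit code $rc"
}

# Demo on constructed certificates; 192.168.0.66 is the node address above.
tmp=$(mktemp -d)
make_selfsigned "$tmp" node "IP:192.168.0.66"
make_selfsigned "$tmp" dnsonly "DNS:es-node.example"
make_selfsigned "$tmp" unrelated "IP:192.168.0.66"
report "self-signed cert with IP SAN, used as its own CA file" \
    "$tmp/node.pem" "$tmp/node.pem" 192.168.0.66
report "self-signed cert with only a DNS SAN" \
    "$tmp/dnsonly.pem" "$tmp/dnsonly.pem" 192.168.0.66
report "wrong CA file" "$tmp/unrelated.pem" "$tmp/node.pem" 192.168.0.66
rm -rf "$tmp"
```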