Issue with two SSL endpoints and two self signed CAs in ca_certs

[williamhargrove]

Hi,

I am having an issue with elastalert connecting to an ES cluster over SSL using a self signed certificate issued by a private CA whilst also configuring an http "post" alert which is configured to hit an SSL endpoint using a self signed certificate signed by a different private CA. Unfortunately I am not in a position to be able to change this architecture.

I am running the elastalert 3.0.0-beta.1 docker image.

config.yaml:

es_host: elastic1
es_port: 9200

use_ssl: True
verify_certs: True
ca_certs: /opt/elastalert/root-ca.pem

The ca_certs file above contains the private CA that was used to sign the self-signed certificates issued to the elastic1 host.

This configuration works well and if I setup email based alerting, alerts matching my search criteria will be sent out.

Now I have setup an http_post_url to a server with a self signed cert issued by a different private CA.

http_post_url: "https://alertbot1:8079/sendJsonPayload"

Using this configuration, when an alert is fired I get a 'bad handshake Error' - certificate verify failed message in the log files, as shown below:

I then tried to add the private CA that signed the certificate issued to 'alertbot1' into the root-ca.pem file above (so it contained both root CAs). Having done that I get the same error as above.

It suggests to me that the file referenced by ca_certs above cannot contain more than one CA cert?

If I set

verify_certs: False
#ca_certs: /opt/.....

I get the following warning:

But the message is never delivered to the http_post_url endpoint.

Any suggestions or pointers on how I can move forward with this would be very gratefully received.

Thanks, Will.