Skip to content

Commit

Permalink
change to have kibana --ssl cli option use more recent certs (#57933)
Browse files Browse the repository at this point in the history
* change to have --ssl cli option use more recent certs
* also configure 'server.ssl.certificateAuthorities' per PR review
* delete theoretically now-unused ssl creds
  • Loading branch information
pmuellr committed Feb 28, 2020
1 parent a517fd9 commit 9a46fbb
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 76 deletions.
22 changes: 0 additions & 22 deletions src/cli/dev_ssl.js

This file was deleted.

12 changes: 5 additions & 7 deletions src/cli/serve/serve.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,6 @@ import { getConfigPath } from '../../core/server/path';
import { bootstrap } from '../../core/server';
import { readKeystore } from './read_keystore';

import { DEV_SSL_CERT_PATH, DEV_SSL_KEY_PATH } from '../dev_ssl';

function canRequire(path) {
try {
require.resolve(path);
Expand Down Expand Up @@ -90,7 +88,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {

if (opts.ssl) {
// @kbn/dev-utils is part of devDependencies
const { CA_CERT_PATH } = require('@kbn/dev-utils');
const { CA_CERT_PATH, KBN_KEY_PATH, KBN_CERT_PATH } = require('@kbn/dev-utils');
const customElasticsearchHosts = opts.elasticsearch
? opts.elasticsearch.split(',')
: [].concat(get('elasticsearch.hosts') || []);
Expand All @@ -104,6 +102,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
ensureNotDefined('server.ssl.key');
ensureNotDefined('server.ssl.keystore.path');
ensureNotDefined('server.ssl.truststore.path');
ensureNotDefined('server.ssl.certificateAuthorities');
ensureNotDefined('elasticsearch.ssl.certificateAuthorities');

const elasticsearchHosts = (
Expand All @@ -121,10 +120,9 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
});

set('server.ssl.enabled', true);
// TODO: change this cert/key to KBN_CERT_PATH and KBN_KEY_PATH from '@kbn/dev-utils'; will require some work to avoid breaking
// functional tests. Once that is done, the existing test cert/key at DEV_SSL_CERT_PATH and DEV_SSL_KEY_PATH can be deleted.
set('server.ssl.certificate', DEV_SSL_CERT_PATH);
set('server.ssl.key', DEV_SSL_KEY_PATH);
set('server.ssl.certificate', KBN_CERT_PATH);
set('server.ssl.key', KBN_KEY_PATH);
set('server.ssl.certificateAuthorities', CA_CERT_PATH);
set('elasticsearch.hosts', elasticsearchHosts);
set('elasticsearch.ssl.certificateAuthorities', CA_CERT_PATH);
}
Expand Down
20 changes: 0 additions & 20 deletions test/dev_certs/server.crt

This file was deleted.

27 changes: 0 additions & 27 deletions test/dev_certs/server.key

This file was deleted.

0 comments on commit 9a46fbb

Please sign in to comment.