Skip to content

Commit 9a46fbb

Browse files
pmuellrpmuellr
committed
change to have kibana --ssl cli option use more recent certs (#57933)
* change to have --ssl cli option use more recent certs * also configure 'server.ssl.certificateAuthorities' per PR review * delete theoretically now-unused ssl creds
1 parent a517fd9 commit 9a46fbb

4 files changed

Lines changed: 5 additions & 76 deletions

File tree

src/cli/dev_ssl.js

Lines changed: 0 additions & 22 deletions
This file was deleted.

src/cli/serve/serve.js

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@ import { getConfigPath } from '../../core/server/path';
2828
import { bootstrap } from '../../core/server';
2929
import { readKeystore } from './read_keystore';
3030

31-
import { DEV_SSL_CERT_PATH, DEV_SSL_KEY_PATH } from '../dev_ssl';
32-
3331
function canRequire(path) {
3432
try {
3533
require.resolve(path);
@@ -90,7 +88,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
9088

9189
if (opts.ssl) {
9290
// @kbn/dev-utils is part of devDependencies
93-
const { CA_CERT_PATH } = require('@kbn/dev-utils');
91+
const { CA_CERT_PATH, KBN_KEY_PATH, KBN_CERT_PATH } = require('@kbn/dev-utils');
9492
const customElasticsearchHosts = opts.elasticsearch
9593
? opts.elasticsearch.split(',')
9694
: [].concat(get('elasticsearch.hosts') || []);
@@ -104,6 +102,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
104102
ensureNotDefined('server.ssl.key');
105103
ensureNotDefined('server.ssl.keystore.path');
106104
ensureNotDefined('server.ssl.truststore.path');
105+
ensureNotDefined('server.ssl.certificateAuthorities');
107106
ensureNotDefined('elasticsearch.ssl.certificateAuthorities');
108107

109108
const elasticsearchHosts = (
@@ -121,10 +120,9 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
121120
});
122121

123122
set('server.ssl.enabled', true);
124-
// TODO: change this cert/key to KBN_CERT_PATH and KBN_KEY_PATH from '@kbn/dev-utils'; will require some work to avoid breaking
125-
// functional tests. Once that is done, the existing test cert/key at DEV_SSL_CERT_PATH and DEV_SSL_KEY_PATH can be deleted.
126-
set('server.ssl.certificate', DEV_SSL_CERT_PATH);
127-
set('server.ssl.key', DEV_SSL_KEY_PATH);
123+
set('server.ssl.certificate', KBN_CERT_PATH);
124+
set('server.ssl.key', KBN_KEY_PATH);
125+
set('server.ssl.certificateAuthorities', CA_CERT_PATH);
128126
set('elasticsearch.hosts', elasticsearchHosts);
129127
set('elasticsearch.ssl.certificateAuthorities', CA_CERT_PATH);
130128
}

test/dev_certs/server.crt

Lines changed: 0 additions & 20 deletions
This file was deleted.

test/dev_certs/server.key

Lines changed: 0 additions & 27 deletions
This file was deleted.

0 commit comments

Comments
 (0)