Skip to content

ADR Support self-signed certificates for elasticsearch

Change Type:

  • Feature
  • Bugfix
  • Refactoring

Context and Scope

Search and Indexer Service does not support HTTPS connections with self-signed certificates (SSC) for Elastic search.

Decision

Add a new property that will control trust/not-to-trust SSC.

  • Module: search-core
  • Affected Class: org.opengroup.osdu.search.util.ElasticClientHandler
  • Property: security.https.certificate.trust
  • Default value false 
public class ElasticClientHandler {
...

  @Value("#{new Boolean('${security.https.certificate.trust:false}')}")
  private Boolean securityHttpsCertificateTrust;
...

if ("https".equals(protocolScheme) && securityHttpsCertificateTrust) {
...

Rational

To use self-signed certificates for Elastic on non-production environments.

Consequences

No changes from other CSP will be required. Default strategy still will be Not to trust SSC.

Edited by Dmitriy Rudko
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information