Adding faq on SSL/TLS config #310

Merged
merged 6 commits into from
May 17, 2024
Changes from 2 commits
41 changes: 41 additions & 0 deletions docs/faq.asciidoc
Expand Up @@ -34,6 +34,47 @@ It is created by a Java Champion, awarded with the Dukes Choice award and curren
Unlike other bytecode instrumentation libraries, Byte Buddy is designed so that it is impossible to corrupt the bytecode of instrumented classes.
It also respects other transformations applied to your application at the same time.

[float]
[[faq-ssl]]
=== How can I configure SSL/TLS?

Please note that the Elastic Agent does not handle SSL/TLS configs internally, therefore, the recommended way to manage these types of configurations is by doing so as part of your app's network security configurations, as explained in Android's official https://developer.android.com/privacy-and-security/security-ssl[security guidelines].
Below we show a set of common use-cases and quick tips on what could be done on each one, however, each case might be different, so please refer to Android's https://developer.android.com/privacy-and-security/security-config[official docs] on this topic in case you need more details.

[float]
[[faq-ssl-elastic-cloud]]
==== Connecting to Elastic Cloud

If your ELK stack is hosted in Elastic Cloud, you shouldn't need to add any SSL/TLS config changes in your app, it should work out of the box.

[float]
[[faq-ssl-on-prem]]
==== Connecting to an on-prem server

If your ELK stack is hosted on-prem, then it depends on the type of CA your host uses to sign its certificates, if it's a commonly trusted CA, then you shouldn't have to worry about changing your app's SSL/TLS configuration as it all should work well out of the box, however, if your CAs are unknown/private or your server uses a self-signed certificate, then you would need to configure your app to trust custom CAs by following https://developer.android.com/privacy-and-security/security-config[Android's guide on it].

[float]
[[faq-ssl-debug]]
==== Debugging purposes

If you're running a local server and need to connect to it without using https in order to run a quick test, then you could temporarily https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic[enable clearttext traffic] within your `AndroidManifest.xml` file, inside the `<application>` tag.
As shown below:

[source,xml]
----
<application
...
android:usesCleartextTraffic="true">
...
</application>
----

NOTE: You should only enable clearttext traffic for debugging purposes and not for production code.

If enabling cleartext traffic isn't a valid option for your debugging use-case, you should refer to Android's guide on https://developer.android.com/privacy-and-security/security-config#TrustingDebugCa[configuring CAs for debugging].

For more information on how Android handles network security, please refer to the official https://developer.android.com/privacy-and-security/security-ssl[Android docs on it].

[float]
[[faq-unsupported-technologies]]
=== What if the agent doesn't support the technologies I'm using?
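Review bot: In the "Debugging purposes" section, the example sets `android:usesCleartextTraffic="true"` on the app's `<application>` element, and the only thing keeping it out of a release build is the NOTE that follows. Consider saying where the attribute should live so it only applies to debug builds (for example a debug-only manifest), or putting the debug CA guide, which the next paragraph already links, ahead of the cleartext option, since it keeps TLS on during local testing. "clearttext" is misspelled in both the link text and the NOTE, while the paragraph after the NOTE spells it "cleartext". In the on-prem section, the single sentence covering commonly trusted CAs, private CAs and self-signed certificates would be easier to follow split into two, one per outcome.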