Skip to content

Commit

Permalink
Adding section for monitoring with PKI authentication (elastic#14227) (
Browse files Browse the repository at this point in the history
…elastic#14253)

* Adding section for monitoring with PKI auth

* Apply suggestions from code review

Co-Authored-By: DeDe Morton <dede.morton@elastic.co>

* Fixing comment about username
  • Loading branch information
ycombinator authored Oct 29, 2019
1 parent 2186d43 commit 352db8a
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions libbeat/docs/monitoring/monitoring-internal-collection.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,28 @@ Stack Monitoring UI. To get a cluster's `cluster_uuid`,
call the `GET /` API against that cluster.
<2> This setting identifies the hosts and port numbers of {es} nodes
that are part of the monitoring cluster.
+
If you want to use PKI authentication to send monitoring events to
{es}, you must specify a different set of configuration options. For
example:
+
[source,yaml]
--------------------
monitoring:
enabled: true
cluster_uuid: PRODUCTION_ES_CLUSTER_UUID
elasticsearch:
hosts: ["https://example.com:9200", "https://example2.com:9200"]
username: ""
ssl:
ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
ssl.certificate: "/etc/pki/client/cert.pem"
ssl.key: "/etc/pki/client/cert.key"
--------------------
+
You must specify the `username` as `""` explicitly so that
the username from the client certificate (`CN`) is used. See
<<configuration-ssl>> for more information about SSL settings.

ifndef::serverless[]
. Start {beatname_uc}.
Expand Down

0 comments on commit 352db8a

Please sign in to comment.