Add possibility to use system CA

wazuh · Aug 4, 2022 · bd4f014 · bd4f014
1 parent 0cecd38
commit bd4f014
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 0 deletions.
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
@@ -26,6 +26,7 @@
   ],
 
   $manage_certs = true,
+  $use_system_ca = false,
 ) {
   # assign version according to the package manager
   case $facts['os']['family'] {

diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -19,6 +19,7 @@
   $filebeat_path_certs = '/etc/filebeat/certs',
 
   $manage_certs = true,
+  $use_system_ca = false,
 ) {
   include wazuh::repo_elastic_oss
 

diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb
@@ -17,8 +17,10 @@ output.elasticsearch:
   username: <%= @filebeat_oss_elastic_user %>
   password: <%= @filebeat_oss_elastic_password %>
   protocol: https
+<% if not @use_system_ca -%>
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
+<% end -%>
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
   ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
 

diff --git a/templates/wazuh_dashboard_yml.erb b/templates/wazuh_dashboard_yml.erb
@@ -12,6 +12,8 @@ opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "<%= @dashboard_path_certs %>/dashboard-key.pem"
 server.ssl.certificate: "<%= @dashboard_path_certs %>/dashboard.pem"
+<% if not @use_system_ca -%>
 opensearch.ssl.certificateAuthorities: ["<%= @dashboard_path_certs %>/root-ca.pem"]
+<% end -%>
 uiSettings.overrides.defaultRoute: /app/wazuh