The wazuh kubernetes install instructions uses self signed certificates.
Is there a way to use cert-manager/LetsEncrypt certificates instead?
Asked
Active
Viewed 390 times
1 Answers
1
For Kibana, you can easily use Trusted CA Signed SSL Certificates, for example Let's Encrypt, by placing them in cert/kibana_http/
cp /etc/letsencrypt/live/<site-address>/privkey.pem certs/kibana_http/key.pem
cp /etc/letsencrypt/live/<site-address>/fullchain.pem certs/kibana_http/cert.pem
For internal communications between the different Wazuh components, self-signed certificates are a good option given that they all verify the CA through a local file. Self-signed certificates also avoid the need for FQDN which is required to get a certificate from a Trusted CA.
Sandra
- 26
- 1
-
Thanks! I looked at the self signed certs and they default to 10 years so renewal won't be an issue. Will look at using signed certs for kibana. Thanks! – Jethro Sep 24 '21 at 17:46