Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No TLS certificates shown in the kibana/uptime/certificate dashboard #20688

Closed
InbarShimshon opened this issue Aug 19, 2020 · 2 comments · Fixed by elastic/kibana#78575
Closed

No TLS certificates shown in the kibana/uptime/certificate dashboard #20688

InbarShimshon opened this issue Aug 19, 2020 · 2 comments · Fixed by elastic/kibana#78575
Assignees
@shahzad31
Labels
bug Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team test-plan Add this PR to be manual test plan v7.11.0

Comments

@InbarShimshon
Copy link

InbarShimshon commented Aug 19, 2020
edited
Loading

Please post all questions and issues on https://discuss.elastic.co/c/beats
before opening a Github Issue. Your questions will reach a wider audience there,
and if we confirm that there is a bug, then you can open a new issue.

For security vulnerabilities please only send reports to security@elastic.co.
See https://www.elastic.co/community/security for more information.

Please include configurations and logs if available.

For confirmed bugs, please report:

  • Version: 7.8.1
  • Operating System:
  • Discuss Forum URL:
  • Steps to Reproduce:

Set up HB > LS > ES > Kibana with aim to see TLS certificate in Uptime.
Issue: While certificate shows in monitors while under TLS certificate it remains empty.
image

in heartbeat.yml settings are correct

heartbeat.monitors:
- type: tcp
 schedule: '@every 5s'
 name: inbartes
 hosts: ["inbar.test.test"]
 ports: [0000]
 ssl:
  certificate_authorities: ['/opt/certs/ca-int.pem']
  supported_protocols: ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

tls.server.* fields are present:

image

From a test the conditions are the certificates shown in the kibana/uptime/certificate dashboard are as followed

GET heartbeat-8.0.0*/_search
{
  "from": 1,
  "size": 10,
  "query": {
    "bool": {
      "filter": [
        {
          "exists": {
            "field": "tls.server"
          }
        },
        {
          "range": {
            "monitor.timespan": {
              "gte": "now-5m",
              "lte": "now"
            }
          }
        }
      ]
    }
  },
  "_source": [
    "monitor.id",
    "monitor.name",
    "tls.server.x509.issuer.common_name",
    "tls.server.x509.subject.common_name",
    "tls.server.hash.sha1",
    "tls.server.hash.sha256",
    "tls.server.x509.not_after",
    "tls.server.x509.not_before"
  ],
  "collapse": {
    "field": "tls.server.hash.sha256",
    "inner_hits": {
      "_source": {
        "includes": [
          "monitor.id",
          "monitor.name",
          "url.full"
        ]
      },
      "collapse": {
        "field": "monitor.id"
      },
      "name": "monitors",
      "sort": [
        {
          "monitor.id": "asc"
        }
      ]
    }
  },
  "aggs": {
    "total": {
      "cardinality": {
        "field": "tls.server.hash.sha256"
      }
    }
  }
}

The suggestion was that maybe the spoiler here is this filter

{
          "range": {
            "monitor.timespan": {
              "gte": "now-5m",
              "lte": "now"
            }
          }
        }

I believe this is a bug
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 19, 2020
@andresrc andresrc added the Team:obs-ds-hosted-services Label for the Observability Hosted Services team label Aug 20, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/uptime (Team:Uptime)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 20, 2020
@andrewvc
Copy link
Contributor

This appears to have been caused by a versioning issue. The real issue here is that we can't render the page without the new tls.server.* fields which are only present in heartbeat 7.8+ . In a sense we need a design solution here, maybe a message to indicate that they need to upgrade heartbeat.

I think a simple way to do that would be, if there's an empty list, to have the empty state show a message stating "No Certificates found. Note: Certificates are only visible for Heartbeat 7.8+"

@shahzad31 shahzad31 mentioned this issue Sep 28, 2020
Merged
@andrewvc andrewvc added v7.11.0 test-plan Add this PR to be manual test plan labels Dec 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shahzad31 shahzad31

Labels
bug Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team test-plan Add this PR to be manual test plan v7.11.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Uptime ]Update empty message for certs list shahzad31/kibana
6 participants
@andrewvc @andresrc @shahzad31 @elasticmachine @InbarShimshon @paulb-elastic