You can specify the following options in the apm-server.ssl section of the apm-server.yml config file.
They apply to SSL/TLS communication between the APM Server and APM Agents.
The enabled setting can be used to enable the ssl configuration by setting it to
true. The default value is
The path to the file containing the certificate for Server authentication.
The path to the file containing the Server certificate key.
The list of root certificates for verifying client certificates.
If certificate_authorities is empty or not set, the trusted certificate authorities of the host system are used.
The passphrase used to decrypt an encrypted key stored in the configured
We recommend saving the key_passphrase in the APM Server Secrets keystore.
This setting is a list of allowed protocol versions:
TLSv1.2. We do not recommend using
The default value is
The list of cipher suites to use. The first entry has the highest priority. If this option is omitted, the Go crypto library’s default suites are used (recommended).
The list of curve types for ECDHE (Elliptic Curve Diffie-Hellman ephemeral key exchange).
This configures what types of client authentication are supported. The valid options
are none, optional, and required. The default is
If certificate_authorities has been specified, this setting will automatically change to
none - Disables client authentication.
optional - When a client certificate is given, the server will verify it.
required - Requires clients to provide a valid certificate.
This option controls whether the client verifies server certificates and host
names. Valid values are
If none is used,
SSL-based connections are susceptible to man-in-the-middle attacks. Use this
option for testing only.
The default is
See Securing APM Server for more information.
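A configuration that combines the options described above for mutual TLS between APM Agents and the APM Server, as an added example that is not part of the original documentation. The file paths and the keystore key name APM_KEY_PASSPHRASE are constructed placeholders, and the option names are the apm-server.ssl settings this page describes.

```yaml
# apm-server.yml (constructed example; adjust paths to your deployment)
apm-server:
  ssl:
    # TLS is only active when this is set to true.
    enabled: true

    # Server certificate and its private key (placeholder paths).
    certificate: "/etc/apm-server/certs/apm-server.crt"
    key: "/etc/apm-server/certs/apm-server.key"

    # Passphrase for the encrypted key, resolved from the APM Server
    # secrets keystore instead of being written in clear text here.
    # APM_KEY_PASSPHRASE is a placeholder keystore key name.
    key_passphrase: "${APM_KEY_PASSPHRASE}"

    # Root certificates used to verify agent (client) certificates.
    # Pinning a private CA here avoids trusting every CA in the host
    # system store, which is what an empty or unset list falls back to.
    certificate_authorities:
      - "/etc/apm-server/certs/agents-ca.crt"

    # Reject agents that do not present a valid certificate.
    # "optional" would verify a certificate only when one is given,
    # and "none" disables client authentication.
    client_authentication: "required"

    # Restrict the handshake to the allowed protocol versions.
    supported_protocols: ["TLSv1.2"]

    # cipher_suites is left unset on purpose so that the Go crypto
    # library's default suites are used, as the page recommends.
```

Keeping key_passphrase as a keystore reference means the config file can be stored in version control or shared with operators without exposing the secret that protects the server key.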