If access to your Elasticsearch instance is protected by SSL encryption, you
must use the
SSL Certificate Validationedit
Beginning with version 3.2.0, Curator added experimental support for validating SSL certificates. These features were enhanced in version 3.3.0 to support additional SSL validation options.
Depending on which validation option you choose, you may need to install an additional Python module.
If you have certificates signed by a commonly known Certificate Authority…
Chances are good that the CA certificates bundled with Mozilla Firefox will be
able to validate your certificate. In this case, use of the
module will work. This can be installed via
pip install certifi.
certifi module installed, if you are connecting to Elasticsearch via
SSL, the verification should automatically take place.
If you have an unrecognized CA, use self-signed certificates, or do not wish
to install the
In this case you can use the --certificate flag to point to the file which holds the CA certificate to use for validation. This file should be in PEM format.
If you do not wish to validate your certificate at all…
This is not recommended, but if you so desire, you can use the --ssl-no-validate flag. Use of this flag will likely still yield a warning about insecure connections, but still permit the use of SSL communications.
This flag must come before any command.
Connect to a cluster at
https://example.com/ via ssl:
curator --host example.com --port 443 --use_ssl <<command>> <<flags>>