If access to your Elasticsearch instance is protected by SSL encryption, you must use the --use_ssl flag.

SSL Certificate Validationedit

Beginning with version 3.2.0, Curator added experimental support for validating SSL certificates. These features were enhanced in version 3.3.0 to support additional SSL validation options.

Depending on which validation option you choose, you may need to install an additional Python module.

If you have certificates signed by a commonly known Certificate Authority…

Chances are good that the CA certificates bundled with Mozilla Firefox will be able to validate your certificate. In this case, use of the certifi python module will work. This can be installed via pip install certifi.

With the certifi module installed, if you are connecting to Elasticsearch via SSL, the verification should automatically take place.

If you have an unrecognized CA, use self-signed certificates, or do not wish to install the certifi module…

In this case you can use the --certificate flag to point to the file which holds the CA certificate to use for validation. This file should be in PEM format.

If you do not wish to validate your certificate at all…

This is not recommended, but if you so desire, you can use the --ssl-no-validate flag. Use of this flag will likely still yield a warning about insecure connections, but still permit the use of SSL communications.


  • --use_ssl (Set use_ssl to True)

This flag must come before any command.


Connect to a cluster at https://example.com/ via ssl:

curator --host example.com --port 443 --use_ssl <<command>> <<flags>>