[MinIO Destination] Custom CA for TLS

Hi community,

I'm trying to route log data to a self-hosted MinIO cluster that uses certificates generated using a custom certificate authority. Other destinations allow me to set the path to my CA; the MinIO destination does not seem to have that option.

Is there a way to configure a CA so that this works?

I have also already tried to disable the "reject invalid ssl cert" option, but the events are still not routed to the destination. It always gives the error "self-signed certificate in chain".

Thanks in advance,
Hannes

Comments

  • Jon Rust (Posts: 443, mod), edited May 7

    The MinIO destination does not currently support custom CAs or mTLS. I'll make sure this is an enhancement ticket. Can you share more information about your use case, and the importance of the feature? Feel free to DM me here or in Cribl Slack.

    Edit1: For reference, CRIBL-5607

    Edit2: See our docs for how to use ENV vars to reference a custom CA

  • Good Morning Jon,

    thanks for your quick answer! I'll elaborate on the use case: We're an enterprise environment with high requirements regarding security, which is why we have our own PKI and CA and have to encrypt each and every network transfer. We're using MinIO as the destination to archive all of our logs. We have a route that clones every event and sends it to MinIO, while the rest of the routing further processes the events and sends them to our SIEM.

    Thank you for the link to the documentation. I had come across that yesterday but not seriously considered it. After talking to my team, we're probably going with the suggestion to globally set the CA for the worker processes though, since all of our destinations use the same CA anyway.

    Regarding the enhancement ticket: I have not found Cribl's ticket system yet. Where can I track that?

    Thanks again and have a great day,
    Hannes

  • Jon Rust (Posts: 443, mod)

    Thanks for the background.

    > Regarding the enhancement ticket: I have not found Cribl's ticket system yet. Where can I track that?

    Yeah, our ticket system is not public facing. I provided the number only for reference purposes. That way if you have questions about it, you have something to provide context.

  • Ah I see :) Thanks for opening the ticket then.
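
Added example (not from the thread or from Cribl): an offline reproduction of the "self-signed certificate in chain" error from the original post, and a check that a CA file makes the chain validate before that file is handed to the worker processes. The CA name, hostname and file names are constructed for the demo, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example. The CA name, hostname and file names are constructed for the demo.

# Create a throwaway root CA and a server certificate signed by it in directory $1.
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Internal Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=minio.example.internal" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1
  # What a server typically presents: its own certificate followed by the issuing CA.
  cat "$d/srv.pem" "$d/ca.pem" > "$d/chain.pem"
}

# Verify the server certificate in directory $1. With no second argument only the
# system trust store is used; otherwise the PEM file in $2 is added as a trust anchor.
# Prints openssl's verdict and returns its exit status (0 = chain trusted).
verify_chain() {
  local d="$1" cafile="${2:-}"
  if [ -n "$cafile" ]; then
    openssl verify -CAfile "$cafile" -untrusted "$d/chain.pem" "$d/srv.pem" 2>&1
  else
    openssl verify -untrusted "$d/chain.pem" "$d/srv.pem" 2>&1
  fi
}

demo() {
  local d rc=0
  d="$(mktemp -d)" || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  echo "--- system trust store only (expected to fail with error 19) ---"
  verify_chain "$d" || true
  echo "--- internal root supplied as trust anchor (expected OK) ---"
  verify_chain "$d" "$d/ca.pem" || rc=$?
  rm -rf "$d"
  return "$rc"
}

demo
```

Against a real deployment, the same `openssl verify -CAfile` check can be run on the chain the MinIO endpoint actually presents, using the CA bundle intended for the workers.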