You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: docs/faq.asciidoc
+41
Original file line number
Diff line number
Diff line change
@@ -34,6 +34,47 @@ It is created by a Java Champion, awarded with the Dukes Choice award and curren
34
34
Unlike other bytecode instrumentation libraries, Byte Buddy is designed so that it is impossible to corrupt the bytecode of instrumented classes.
35
35
It also respects other transformations applied to your application at the same time.
36
36
37
+
[float]
38
+
[[faq-ssl]]
39
+
=== How can I configure SSL/TLS?
40
+
41
+
Please note that the Elastic Agent does not handle SSL/TLS configs internally, therefore, the recommended way to manage these types of configurations is by doing so as part of your app's network security configurations, as explained in Android's official https://developer.android.com/privacy-and-security/security-ssl[security guidelines].
42
+
Below we show a set of common use-cases and quick tips on what could be done on each one, however, each case might be different, so please refer to Android's https://developer.android.com/privacy-and-security/security-config[official docs] on this topic in case you need more details.
43
+
44
+
[float]
45
+
[[faq-ssl-elastic-cloud]]
46
+
==== Connecting to Elastic Cloud
47
+
48
+
If your Elastic Stack is hosted in Elastic Cloud, you shouldn't need to add any SSL/TLS config changes in your app, it should work out of the box.
49
+
50
+
[float]
51
+
[[faq-ssl-on-prem]]
52
+
==== Connecting to an on-prem server
53
+
54
+
If your Elastic Stack is hosted on-prem, then it depends on the type of CA your host uses to sign its certificates, if it's a commonly trusted CA, then you shouldn't have to worry about changing your app's SSL/TLS configuration as it all should work well out of the box, however, if your CAs are unknown/private or your server uses a self-signed certificate, then you would need to configure your app to trust custom CAs by following https://developer.android.com/privacy-and-security/security-config[Android's guide on it].
55
+
56
+
[float]
57
+
[[faq-ssl-debug]]
58
+
==== Debugging purposes
59
+
60
+
If you're running a local server and need to connect to it without using https in order to run a quick test, then you could temporarily https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic[enable cleartext traffic] within your `AndroidManifest.xml` file, inside the `<application>` tag.
61
+
As shown below:
62
+
63
+
[source,xml]
64
+
----
65
+
<application
66
+
...
67
+
android:usesCleartextTraffic="true">
68
+
...
69
+
</application>
70
+
----
71
+
72
+
NOTE: You should only enable cleartext traffic for debugging purposes and not for production code.
73
+
74
+
If enabling cleartext traffic isn't a valid option for your debugging use-case, you should refer to Android's guide on https://developer.android.com/privacy-and-security/security-config#TrustingDebugCa[configuring CAs for debugging].
75
+
76
+
For more information on how Android handles network security, please refer to the official https://developer.android.com/privacy-and-security/security-ssl[Android docs on it].
77
+
37
78
[float]
38
79
[[faq-unsupported-technologies]]
39
80
=== What if the agent doesn't support the technologies I'm using?
0 commit comments