Beats input plugin cannot read password protected ssl key

tterranigma · June 20, 2019, 10:13pm

I am trying to setup the beats input to use ssl to authenticate to the connecting beats client. This is what I have in my beats.conf file:

# vi:ft=logstash.jinja2
input {
  beats {
    id => 'beat-input'
    port => 5044
    host => '0.0.0.0'
    ssl => true
    ssl_certificate => '/etc/logstash/certs/beat_input/all.crt'
    ssl_certificate_authorities => '/etc/logstash/certs/beat_input/ca.crt'
    ssl_key => '/etc/logstash/certs/beat_input/all.key'
    ssl_key_passphrase => '${beat_input_ssl_key_passphrase}'
    }
}

The beat_input_ssl_key_passphrase is the variable name I used to add the ssl key passphrase into the logstash keystore. The problem is that when starting Logstash (on Ubuntu 18.04) with systemd I get (it is too long to paste directly):

https://pastebin.com/BdsqiWcH

I tried to place the key passphrase as plaintext in the beat.conf file but the same error appears. I am using the same key, certificate and ca with elasticsearch without issues. Has anyone managed to get the ssl key passsphrase setting working?

tterranigma · June 20, 2019, 10:59pm

Actually, after hours of research I tend to thing that ssl is broken in (at least) the beats input plugin.

tterranigma · June 21, 2019, 1:50pm

The private key has to be in pkcs8 format. But a password protected key even in this format does not work. I have opened an issue on github: https://github.com/logstash-plugins/logstash-input-beats/issues/364

system · July 19, 2019, 1:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.