Beats input ssl problem

Info : Ubuntu 18.04
ELK : 7.4.0
OpenSSL : 1.1.1

I just followed the tutorial Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog

Connected Logstash + Kibana + Elastic nodes; Kibana stack monitoring works fine and sees Logstash etc.

input {
  beats {
    port => 5044
    ssl => true
    ssl_key => '/etc/logstash/config/certs/logstash.pkcs8.key'
    ssl_certificate => '/etc/logstash/config/certs/logstash.crt'
  }
}
output {
  elasticsearch {
    hosts => ["https://node1.elastic.ucti:9200","https://node2.elastic.ucti:9200"]
    cacert => '/etc/logstash/config/certs/ca.crt'
    user => 'logstash_writer'
    password => 'password'
  }
}

cat just displays the key in the dirs.

Added the instance information to the yml file:

instances:
  - name: 'node1'
    dns: [ 'node1.elastic.ucti' ]
  - name: "node2"
    dns: [ 'node2.elastic.ucti' ]
  - name: "node3"
    dns: [ 'node3.elastic.ucti' ]
  - name: 'my-kibana'
    dns: [ 'kibana.ucti' ]
  - name: 'logstash'
    dns: [ 'logstash.ucti' ]

If I do:
curl -v --cacert ca.crt https://logstash.ucti:5044

* Rebuilt URL to: https://logstash.ucti:5044/
*   Trying 172.21.1.254...
* TCP_NODELAY set
* Connected to logstash.ucti (172.21.1.254) port 5044 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to logstash.ucti:5044
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to logstash.ucti:5044

But this ca.crt works fine with curl against elastic.node1.ucti and kibana.ucti, for example:

curl -v --cacert ca.crt https://kibana.ucti:5601

* Rebuilt URL to: https://kibana.ucti:5601/
*   Trying 172.21.1.253...
* TCP_NODELAY set
* Connected to kibana.ucti (172.21.1.253) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=my-kibana
*  start date: Oct 16 16:33:51 2019 GMT
*  expire date: Oct 15 16:33:51 2022 GMT
*  subjectAltName: host "kibana.ucti" matched cert's "kibana.ucti"
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: kibana.ucti:5601
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Found
< location: /login?next=%2F
< kbn-name: kibana
< kbn-xpack-sig: f41b69eb682d8c0c5b1087f7ba1c86bf
< cache-control: no-cache
< content-length: 0
< Date: Tue, 22 Oct 2019 08:34:37 GMT
< Connection: keep-alive
<
* Connection #0 to host kibana.ucti left intact

Errors:
[2019-10-22T10:41:51,085][ERROR][logstash.inputs.beats ][main] Looks like you either have a bad certificate, an invalid key or your private key was not in PKCS8 format.
[2019-10-22T10:41:51,086][WARN ][io.netty.channel.ChannelInitializer][main] Failed to initialize a channel. Closing: [id: 0xb5cacbf2, L:/172.21.1.254:5044 - R:/172.21.1.250:38896]
java.lang.IllegalArgumentException: File does not contain valid private key: /etc/logstash/config/certs/logstash.pkcs8.key
Caused by: java.security.KeyException: could not find key file: /etc/logstash/config/certs/logstash.pkcs8.key
at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:114) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1015) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:268) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
... 20 more
[2019-10-22T10:42:00,193][WARN ][org.logstash.beats.Server][main] Exception caught in channel initializer
java.lang.IllegalArgumentException: File does not contain valid private key: /etc/logstash/config/certs/logstash.pkcs8.key


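Added example (not from the post, and not Elastic or Netty code): a Python check that separates the causes the Logstash error lumps together. `classify_key_pem` tells a PKCS#8 key from a PKCS#1 or SEC1 key or a non-key file by looking at the DER, not just the header label, and `readable_by` answers the question the "could not find key file" message hides: that message comes from failing to open the file, and Java reports a permission-denied open the same way as a missing path, so a root-owned 0600 key or a 0700 certs directory produces it even when `cat` as root shows the key. Assumes Logstash runs as a user named `logstash`; the PEM samples are constructed header-only DER, not real keys.

```python
import base64, grp, os, pwd, re

# Locates a PEM private-key block much as a Java/Netty PEM reader does (pattern written for this example).
KEY_BLOCK = re.compile(
    r"-+BEGIN\s+(?P<label>[^-]*?PRIVATE\s+KEY)[^-]*-+\s+(?P<body>[A-Za-z0-9+/=\r\n]+)-+END[^-]*-+",
    re.IGNORECASE)

def _tlv(buf: bytes, i: int):  # (tag, value_start, value_end) of the DER element at offset i
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, i, i + n

def classify_key_pem(text: str) -> str:
    """Which key encoding the PEM holds; the beats input loads only 'pkcs8'."""
    m = KEY_BLOCK.search(text)
    if not m:
        return "no-key-block"  # a certificate, an empty file, or the wrong file
    if "ENCRYPTED" in m.group("label").upper():
        return "encrypted-pkcs8"  # loadable only with ssl_key_passphrase
    try:
        der = base64.b64decode(m.group("body"))
        _, s, _ = _tlv(der, 0)  # outer SEQUENCE, then the version INTEGER
        tag, _, _ = _tlv(der, _tlv(der, s)[2])  # the element after the version decides
    except (ValueError, IndexError):
        return "not-asn1"
    # PKCS#8: AlgorithmIdentifier SEQUENCE; PKCS#1 RSA: modulus INTEGER; SEC1 EC: OCTET STRING
    return {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}.get(tag, "unknown")

def mode_allows(st_mode: int, st_uid: int, st_gid: int, uid: int, gids, want: int) -> bool:
    """Unix permission check for one class (non-root): want=4 read a file, want=1 search a directory."""
    if uid == st_uid:
        return bool(st_mode & (want << 6))
    return bool(st_mode & (want << 3)) if st_gid in gids else bool(st_mode & want)

def readable_by(path: str, username: str) -> bool:
    """Can the service account open `path`? Every parent directory needs its search bit as well."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    node, want = os.path.realpath(path), 4
    while True:
        st = os.stat(node)
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids, want):
            return False
        if os.path.dirname(node) == node:
            return True
        node, want = os.path.dirname(node), 1

# Constructed PEM samples (header-only DER, not real keys) so the classifier can be exercised offline.
SAMPLE_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMBICAQAwDQYJKoZIhvcNAQEBBQA=\n-----END PRIVATE KEY-----\n"
SAMPLE_PKCS1 = "-----BEGIN RSA PRIVATE KEY-----\nMAgCAQACAwD//w==\n-----END RSA PRIVATE KEY-----\n"
```

On the Logstash host, run `readable_by('/etc/logstash/config/certs/logstash.pkcs8.key', 'logstash')` and `classify_key_pem(open(path).read())` as root; the client-side `SSL_ERROR_SYSCALL` right after the Client hello matches the server closing the channel when this initializer fails.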