Beats output to logstash using SSL and Cert Errors

I am testing SSL from 7.x Beats clients to logstash. Logstash is configured for a wildcard cert to my domain, call it *.acme.com. Connection works fine if Beats is configured to use a FQDN entry in the output, like log.acme.com. But I have remote locations where I can't control DNS, so I currently use just IPs for the Beats output to logstash. The Beats output is thus like:
    output.logstash:
      hosts: ["10.1.1.100:5045", "log.acme.com:5045"]
      ssl.enabled: true
      ssl:
        verification_mode: none
        client_authentication: none

This fails for the 10.1.1.100 logger but not the FQDN host. This is the beats log:
    x509: cannot validate certificate for 10.1.1.100 because it doesn't contain any IP SANs.
This is tcpdump from logstash:
    org.logstash.beats.BeatsHandler][main][[local: 10.1.1.100:5045, remote: 10.1.1.2:5782] Handling exception: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate (caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate)

Per the description at Configure SSL | Winlogbeat Reference [7.17] | Elastic,
    ssl:
      verification_mode: none
SHOULD allow this to work but it definitely is not. Of course, Elastic provides no examples so I can't tell if there might be a syntax issue or what.

Can anyone tell me if this SHOULD work and/or if there is a fix for it?
Thanks
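
An added example, not part of the original post: the error text in the Beats log above is the message Go's `crypto/x509` hostname check returns when the name being verified is an IP address and the certificate lists no IP SANs. The program below builds two constructed self-signed certificates (`makeCert` and `checkHost` are hypothetical helper names) and runs that check for `log.acme.com` and `10.1.1.100`, first against a wildcard-only certificate and then against one that also lists the IP as a SAN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert returns a parsed self-signed certificate carrying the given SANs.
// Constructed test data standing in for a server certificate; not a real cert.
func makeCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dnsNames, // e.g. the wildcard *.acme.com
		IPAddresses:  ips,      // IP SANs; empty for a wildcard-only cert
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkHost runs the hostname check only (no chain building) and returns
// "ok" or the error text the client would log.
func checkHost(cert *x509.Certificate, host string) string {
	if err := cert.VerifyHostname(host); err != nil {
		return err.Error()
	}
	return "ok"
}

func main() {
	wildcard, _ := makeCert([]string{"*.acme.com"}, nil)
	withIP, _ := makeCert([]string{"*.acme.com"}, []net.IP{net.ParseIP("10.1.1.100")})
	for _, h := range []string{"log.acme.com", "10.1.1.100"} {
		fmt.Printf("%-13s wildcard only: %s | with IP SAN: %s\n", h, checkHost(wildcard, h), checkHost(withIP, h))
	}
}
```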
