Beats stopped working after enabled TLS/SSL on Elasticsearch and Kibana

Winlogbeat,packetbeat,auditbeat stopped working right after enabling TLS/SSL between Elasticsearch and Kibana. Attached image is my configuration for winlogbeat.yml. I tried putting https also but it is not working. Do I required to give SSL/TLS certificate to each client(host) ?

Also, I activated API and tried doing authentication through API id:key but no success.

The following guide can help you with configuring TLS for all of the Beats you are using: https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-ssl.html

Let me know if you need more guidance.

I checked that documentation, I am not sure which files I should put there in ssl.certificate and ssl.key because I got only two files(http.p12 andelasticsearch-ca.pem ) while generating certificates for kibana and elasticsearch

@kvch can you help on this ?

Hi,
You can generate ca.crt certificate and use it like below

output.elasticsearch:
  hosts: ["node-1:9200"]
  ssl.certificate_authorities: "C:/ProgramData/Elastic/Beats/winlogbeat/ca.crt"
  protocol: "https"
  username: "elastic"
  password: "ChangeMe"
1 Like

I tried this but not working.

This is resolved. I stopped my all beats agent to verify ssl certificate all the time. It will accept any certificate happily by adding ssl.verification_mode: none in all winlogbeat.yml,packetbeat.yml,auditbeat.yml.

Note : this is for development purpose only, please dont use it in production stack.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.