Winlogbeat,packetbeat,auditbeat stopped working right after enabling TLS/SSL between Elasticsearch and Kibana. Attached image is my configuration for winlogbeat.yml. I tried putting https also but it is not working. Do I required to give SSL/TLS certificate to each client(host) ?
Also, I activated API and tried doing authentication through API id:key but no success.
The following guide can help you with configuring TLS for all of the Beats you are using: https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-ssl.html
Let me know if you need more guidance.
I checked that documentation, I am not sure which files I should put there in ssl.certificate and ssl.key because I got only two files(http.p12 andelasticsearch-ca.pem ) while generating certificates for kibana and elasticsearch
Hi,
You can generate ca.crt certificate and use it like below
output.elasticsearch:
hosts: ["node-1:9200"]
ssl.certificate_authorities: "C:/ProgramData/Elastic/Beats/winlogbeat/ca.crt"
protocol: "https"
username: "elastic"
password: "ChangeMe"
I tried this but not working.
This is resolved. I stopped my all beats agent to verify ssl certificate all the time. It will accept any certificate happily by adding ssl.verification_mode: none in all winlogbeat.yml,packetbeat.yml,auditbeat.yml.
Note : this is for development purpose only, please dont use it in production stack.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.