Beats - x509: certificate signed by unknown authority


(Oliver Hough) #1

I am getting x509: certificate signed by unknown authority in Metricbeat logs while trying to ship to Logstash. On the same host though, Filebeat is able to ship logs successfully to the same Logstash server using the same SSL configuration.

My metricbeat.yml looks like this

  logstash:
    enabled: true
    hosts:
      - ${LOGSTASH_HOST}:5044
    timeout: 15
    ssl:
      certificate_authorities:
      - /etc/pki/tls/certs/logstash.crt

My filebeat.yml

  logstash:
    enabled: true
    hosts:
      - ${LOGSTASH_HOST}:5044
    timeout: 15
    ssl:
      certificate_authorities:
      - /etc/pki/tls/certs/logstash.crt

My 02-beats-input.conf on Logstash server

  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstash.crt"
    ssl_key => "/etc/logstash/logstash.key"
  }
}

Would appreciate if anyone could help with this.


(Andrew Cholakian) #2

Oliver, this is indeed strange. Is this the same version of filebeat and metricbeat?

Are there any other errors in the logs?


(Oliver Hough) #3

Turned out this was just Metricbeat using an out of date certificate, restarting it solved the issue.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.