Beats - x509: certificate signed by unknown authority

I am getting x509: certificate signed by unknown authority in Metricbeat logs while trying to ship to Logstash. On the same host though, Filebeat is able to ship logs successfully to the same Logstash server using the same SSL configuration.

My metricbeat.yml looks like this

  logstash:
    enabled: true
    hosts:
      - ${LOGSTASH_HOST}:5044
    timeout: 15
    ssl:
      certificate_authorities:
      - /etc/pki/tls/certs/logstash.crt

My filebeat.yml

  logstash:
    enabled: true
    hosts:
      - ${LOGSTASH_HOST}:5044
    timeout: 15
    ssl:
      certificate_authorities:
      - /etc/pki/tls/certs/logstash.crt

My 02-beats-input.conf on Logstash server

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstash.crt"
    ssl_key => "/etc/logstash/logstash.key"
  }
}

Would appreciate it if anyone could help with this.

Oliver, this is indeed strange. Is this the same version of filebeat and metricbeat?

Are there any other errors in the logs?

Turned out this was just Metricbeat using an out-of-date certificate; restarting it solved the issue.
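
The resolution above points to a long-running Metricbeat still holding a certificate it had read earlier. The following is an added example (not from the thread or from Elastic) that flags this case on Linux by comparing a process's start time with the modification time of its CA file; the function names are hypothetical, and it assumes the Beat reads `certificate_authorities` only at startup.

```python
"""Flag a Beat process that started before its CA file was last modified."""
import os
import sys
from pathlib import Path


def process_start_epoch(pid: int) -> float:
    """Return the start time of `pid` as a Unix timestamp (Linux /proc only)."""
    stat = Path(f"/proc/{pid}/stat").read_text()
    # The command name (field 2) is in parentheses and may contain spaces,
    # so parse only what follows the last ')'. starttime is field 22 overall,
    # which is index 19 of the remainder.
    fields = stat.rsplit(")", 1)[1].split()
    start_ticks = int(fields[19])
    ticks_per_sec = os.sysconf("SC_CLK_TCK")
    # btime in /proc/stat is the boot time in seconds since the epoch.
    boot_epoch = next(
        int(line.split()[1])
        for line in Path("/proc/stat").read_text().splitlines()
        if line.startswith("btime")
    )
    return boot_epoch + start_ticks / ticks_per_sec


def ca_changed_since_start(pid: int, ca_path: str) -> bool:
    """True if the CA file on disk is newer than the running process."""
    return os.stat(ca_path).st_mtime > process_start_epoch(pid)


def stale_ca_files(pid: int, ca_paths: list) -> list:
    """Return the CA files that the process cannot have loaded in their current form."""
    return [p for p in ca_paths if ca_changed_since_start(pid, p)]


if __name__ == "__main__":
    # Usage: python check_ca.py <beat-pid> <ca-file> [<ca-file> ...]
    beat_pid = int(sys.argv[1])
    for path in stale_ca_files(beat_pid, sys.argv[2:]):
        print(f"{path} changed after PID {beat_pid} started; restart to reload it")
```

A replaced file whose modification time was preserved will not be flagged, so an empty result does not rule out a stale certificate.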
