Cannot receive logs from Filebeat in Logstash, SSL Problem

ngerpiel · July 16, 2020, 3:45pm

I have a problem with sending logs from filebeat to logstash node using ssl certificates.
The error I get is this:

javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE

My logstash input configuration is as follows:

    input { 
       beats {
         port => 8123
         ssl => true
         ssl_certificate_authorities => ["/path/to/some/ca/cert/CA.crt"]
         ssl_certificate => "/path/to/some/logstash/cert/logstash.crt"
         ssl_key => "/path/to/some/logstash/key/logstash.pkcs8.key"
         ssl_key_passphrase => "${LOGSTASH_KEY_PASS}"
         ssl_verify_mode => "peer"
       }
    }

My Filebeat output configuration is as follows:

    output.logstash:
       hosts: ["logstashloadbalancerdns:8123"]
       ssl.certificate_authorities: ["/path/to/some/ca/cert/CA.crt"]

When I try to curl Logstash I get the following:

    ~]$ curl -v --cacert /path/to/some/ca/cert/CA.crt https://logstash:8123
     About to connect() to logstash.elvicorp.com port 8123 (#0)
     *   Trying 172.16.16.16...
     * Connected to logstash.elvicorp.com (172.16.16.16) port 8123 (#0)
     * Initializing NSS with certpath: :/etc/pki/nssdb
     * Closing connection 0
     curl: (77) Problem with the SSL CA cert (path? access rights?)
    ~]$

Can somebody help me in this issue?

TimV · July 17, 2020, 11:06am

This Logstash config specifies that the client (beats) is required to send it's own certificate for client authentication.
Your beats config doesn't set up a certificate/key, so it fails.

grumo35 · July 17, 2020, 12:35pm

You need to add both ssl.certificate and ssl.key corresponding to your host.

system · August 14, 2020, 12:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.