Cannot receive logs from Filebeat in Logstash, SSL Problem

I have a problem with sending logs from filebeat to logstash node using ssl certificates.
The error I get is this:

javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE

My logstash input configuration is as follows:

    input { 
       beats {
         port => 8123
         ssl => true
         ssl_certificate_authorities => ["/path/to/some/ca/cert/CA.crt"]
         ssl_certificate => "/path/to/some/logstash/cert/logstash.crt"
         ssl_key => "/path/to/some/logstash/key/logstash.pkcs8.key"
         ssl_key_passphrase => "${LOGSTASH_KEY_PASS}"
         ssl_verify_mode => "peer"
       }
    }

My Filebeat output configuration is as follows:

    output.logstash:
       hosts: ["logstashloadbalancerdns:8123"]
       ssl.certificate_authorities: ["/path/to/some/ca/cert/CA.crt"]

When I try to curl Logstash I get the following:

    ~]$ curl -v --cacert /path/to/some/ca/cert/CA.crt https://logstash:8123
     About to connect() to logstash.elvicorp.com port 8123 (#0)
     *   Trying 172.16.16.16...
     * Connected to logstash.elvicorp.com (172.16.16.16) port 8123 (#0)
     * Initializing NSS with certpath: :/etc/pki/nssdb
     * Closing connection 0
     curl: (77) Problem with the SSL CA cert (path? access rights?)
    ~]$ 

Can somebody help me in this issue?

This Logstash config specifies that the client (beats) is required to send it's own certificate for client authentication.
Your beats config doesn't set up a certificate/key, so it fails.

You need to add both ssl.certificate and ssl.key corresponding to your host.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.