openssl genrsa -out cakey.pem 2048
openssl req -x509 -new -nodes -key cakey.pem -sha256 -days 3650 -out cacert.pem
openssl req -newkey rsa:2048 -keyout server.key -nodes -config openssl.cnf -out server.csr
openssl ca -config openssl.cnf -keyfile cakey.pem -cert cacert.pem -outdir . -out server.crt -infiles server.csr
openssl req -newkey rsa:2048 -keyout client.key -nodes -config openssl.cnf -out client.csr
openssl ca -config openssl.cnf -keyfile cakey.pem -cert cacert.pem -outdir . -out client.crt -infiles client.csr
I am following the above steps to create the cakey.pem and cacert.pem files and the server and client key/cert pairs.
The following is my Logstash config:
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/sc/old/logstash-2.3.2/cacert.pem"]
    ssl_certificate => "/sc/old/logstash-2.3.2/server.crt"
    ssl_key => "/sc/old/logstash-2.3.2/server.key"
    ssl_verify_mode => "force_peer"
  }
}
output {
  stdout { }
}
The following is my filebeat.yml file:
filebeat:
  prospectors:
    -
      paths:
        - /sc/log/info.log
      fields:
        hostip: "10.10.35.180"
        cloudname: "cloud.net"
      document_type: info_Etc/GMT+0
output:
  logstash:
    hosts: ["ls1.analytics.net:5044"]
    tls:
      certificate_authorities: ["/sc/filebeat/cacert.pem"]
      certificate: "/sc/filebeat/client.crt"
      certificate_key: "/sc/filebeat/client.key"
logging:
  to_syslog: false
  to_files: true
  files:
    path: /sc/log
    name: filebeat.log
    rotateeverybytes: 10485760
    keepfiles: 7
  level: debug
When I try to run Filebeat, I am faced with the error:
ERR SSL client failed to connect with: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: insecure algorithm MD5-RSA" while trying to verify candidate authority certificate
I didn't mention that particular algorithm anywhere. I don't know how it is picking it up. Is there a way to modify this or get Filebeat to work with SSL with some other algorithm?
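An added diagnostic, not part of the original post: the signature algorithm is written into each certificate by the signer (for `openssl ca`, via the `-md` option or `default_md` in the config file), so it can be read back from cacert.pem, server.crt and client.crt to see which one carries MD5-RSA. The function names are illustrative, and the built-in sample is a constructed, certificate-shaped placeholder rather than a real certificate.

```python
import base64, re, sys

PKCS1 = bytes.fromhex("2a864886f70d0101")  # OID prefix 1.2.840.113549.1.1
NAMES = {4: "MD5-RSA", 5: "SHA1-RSA", 11: "SHA256-RSA", 12: "SHA384-RSA", 13: "SHA512-RSA"}
WEAK = {"MD5-RSA", "SHA1-RSA"}  # MD5 is the one in the error above; SHA-1 is deprecated too
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_algorithm(der):
    """Name the algorithm the issuer used to sign this certificate."""
    _, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)  # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = der[oid_start:oid_end]
    if oid[:-1] == PKCS1 and oid[-1] in NAMES:
        return NAMES[oid[-1]]
    return "OID " + oid.hex()

def audit(pem_text):
    """Return [(algorithm, is_weak)] for every certificate in a PEM bundle."""
    ders = (base64.b64decode(m.group(1)) for m in PEM.finditer(pem_text))
    return [(alg, alg in WEAK) for alg in map(signature_algorithm, ders)]

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_cert(alg_byte, pad=300):
    """Constructed placeholder with a certificate's outer layout (not a valid cert)."""
    alg = tlv(0x30, tlv(0x06, PKCS1 + bytes([alg_byte])) + b"\x05\x00")
    der = tlv(0x30, tlv(0x30, tlv(0x04, bytes(pad))) + alg + tlv(0x03, b"\x00\x00"))
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    inputs = sys.argv[1:] or ["constructed MD5 sample"]
    for name in inputs:
        text = open(name).read() if sys.argv[1:] else constructed_cert(4)
        for alg, weak in audit(text):
            print(f"{name}: {alg}{'  <-- re-sign with a SHA-2 digest' if weak else ''}")
```

Pass the PEM files as arguments to check real certificates; with no arguments it runs on the constructed sample.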