Certificate issues lumberjack as output plugin

I am using a self-signed client certificate and configuring the same in my lumberjack output plugin. However, when my logstash forwarder on the client machines tries to talk to the logstash aggregator, I am getting the following error:
"OpenSSL::SSL::SSLError: Socket closed>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:215:in `connect'""

What do the Logstash configurations look like (both instances)? Is there anything in the log of the receiving Logstash?

Thanks for checking back with me. I added the certificates to the list of accepted CAs using keytool and also made sure the client certificate contained the IP address of the logstash forwarder which I was using to emit the logstash entries through lumberjack, and it worked.

I have a follow-up question, though. We are using this setup in an AWS environment, and since the IP addresses are dynamic, how do I manage client certificates? It seems the lumberjack plugin requires client-side certificates. It is not optional.

> It seems the lumberjack plugin requires client-side certificates.

No. What gives you that idea?

Magnus,
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-lumberjack.html
I saw that "ssl_certificate" is required. Can you please give more insight into what this certificate represents?

That's the server's certificate, not the client's.

Magnus,
I just want to make sure I understand. The Logstash lumberjack input plugin has a server certificate.
The Logstash lumberjack output plugin (the forwarder) also needs to have the exact same server certificate.

Is this right? I thought the output plugin would have the client certificate if we needed bidirectional authentication.

> I just want to make sure I understand. The Logstash lumberjack input plugin has a server certificate.
> The Logstash lumberjack output plugin (the forwarder) also needs to have the exact same server certificate.

Yes. This allows the client to authenticate the server it's connecting to.

> I thought the output plugin would have the client certificate if we needed bidirectional authentication.

Bidirectional authentication isn't supported.
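
The arrangement described in the replies above, as an added configuration sketch that is not from the thread or the plugin documentation: the receiving instance holds the server certificate and its private key, and each sending instance gets a copy of the certificate only. The file paths, port number and host name are placeholder assumptions.

```logstash
# --- Receiving Logstash (aggregator), its own pipeline file ---
# Holds the server certificate AND the matching private key.
input {
  lumberjack {
    port            => 5043                                  # assumed port
    ssl_certificate => "/etc/logstash/tls/aggregator.crt"    # hypothetical path
    ssl_key         => "/etc/logstash/tls/aggregator.key"    # private key stays on this host only
  }
}

# --- Sending Logstash (forwarder), a separate pipeline file on each client ---
# Gets a copy of the same server certificate and no private key.
# The certificate is what the sender uses to authenticate the server.
output {
  lumberjack {
    hosts           => ["aggregator.example.internal"]       # placeholder address
    port            => 5043                                  # must match the input's port
    ssl_certificate => "/etc/logstash/tls/aggregator.crt"    # same certificate file as on the aggregator
  }
}
```

Because the senders carry only the public certificate, nothing on them is tied to their own address; only the aggregator's key needs protecting and rotating.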
