Certificate signed by unknown authority

(uentin) #1

Hello,

sorry for my rough English.

I have a problem with filebeat.

I have a VPS server with logstash and another server with a file beat agent to perform tests

When I look at the filebeat logs I have this error:

ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://myserver.elk.net:5044)): x509: certificate signed by unknown authority.

here is my logstash configuration:

   beats
    {
        host => "0.0.0.0"
        port => 5044
        ssl => true
        ssl_certificate_authorities => ["/etc/elk-certs/elk-ssl.crt"]
        ssl_certificate => "/etc/elk-certs/elk-ssl.crt"
        ssl_key => "/etc/elk-certs/elk-ssl.key"
        ssl_verify_mode => "force_peer"
    }

And my config Filebeat :

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["myserver.elk.net:5044"]
  ssl.certificate_authorities: ["/etc/elk-certs/elk-ssl.crt"]
  ssl.certificate: "/etc/elk-certs/elk-ssl.crt"
  ssl.key: "/etc/elk-certs/elk-ssl.key"
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

That's how I created my SSL certificate on my server logstash:

sudo mkdir -p /etc/elk-certs
cd /etc/elk-certs
sudo openssl req -subj '/CN=myserver.elk.net/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout elk-ssl.key -out elk-ssl.crt
chown logstash elk-ssl.crt
chown logstash elk-ssl.key

I then recreate the same tree on the filebeat server

Thanks for reading me.
If you have any tips thank you in advance!
See you soon

(system) closed #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.