I have a scenario where we have multiple distributed Filebeat instances sending logs to Logstash. I would like to use force_peer authentication to verify the client certificates that were signed by a self-signed authority. I would like to be able to revoke these certificates at will to later prevent unauthorized/rogue Filebeat clients from establishing a connection to this Logstash instance. I am having trouble getting Logstash to work with a certificate revocation list. Is this something that is even possible to do? Thanks in advance!
I would believe force_peer to be enough in this situation. What the param does is, it will make the server ask the client to provide a certificate. If the client doesn’t provide a certificate, the connection will be closed.
I have not seen or heard of any CRL setup recently. If really needed, you could set one up with a proxy to deny access to clients that are no longer trusted.
Sounds like a good problem to solve.
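The proxy approach mentioned in the reply above, as an added example that is not part of the original thread: an nginx `stream` block that terminates TLS in front of Logstash and rejects client certificates listed in a CRL. The choice of nginx, all file paths, and the port numbers are assumptions; Logstash is assumed to listen without TLS on loopback only.

```nginx
# Added example (not from the thread). Paths and ports are placeholders.
# Requires nginx built with the stream SSL module (client verification
# directives in stream are available since nginx 1.11.8).
stream {
    server {
        # Filebeat clients connect here instead of directly to Logstash.
        listen 5044 ssl;

        # Server certificate presented to Filebeat.
        ssl_certificate        /etc/nginx/tls/proxy.crt;
        ssl_certificate_key    /etc/nginx/tls/proxy.key;

        # The private CA that signed the Filebeat client certificates.
        ssl_client_certificate /etc/nginx/tls/filebeat-ca.crt;

        # "on" requires a valid client certificate, the counterpart of
        # Logstash's force_peer: no certificate, no connection.
        ssl_verify_client      on;
        ssl_verify_depth       1;

        # PEM-encoded CRL issued by the same CA. Certificates whose serial
        # numbers are listed here fail the handshake.
        ssl_crl                /etc/nginx/tls/filebeat-ca.crl;

        # Forward the decrypted stream to Logstash on loopback
        # (assumed: beats input bound to 127.0.0.1:5045, TLS disabled,
        # and the port firewalled from other hosts).
        proxy_pass             127.0.0.1:5045;
    }
}
```

nginx reads the CRL when the configuration is loaded, so after revoking a certificate and regenerating the CRL, reload nginx for the change to take effect. Keep the CRL's next-update date current, because an expired CRL causes certificate verification to fail for every client.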