Configure beats to reload certificates?

fgjensen · May 30, 2022, 6:56pm

We deploy most beattypes to hosts managed by different service providers. The beats ships data to Logstash beats endpoints protected with TLS and firewalls. This setup works very well.

However, changing expired TLS certificates may impose some problems, since either the beats and/or the firewalls cache the TLS certificate, so Logstash validates a certificate to be expired even though it has been replaced by a new certificate.

If the certificate is cached on the beats host a restart of the beats fixes the problem. However, this not an elegant solution. How can I configure a beat to detect if the key/certificate must be reloaded?

Best regards
Flemming

ibra_013 · June 1, 2022, 10:20am

Hi,

Interested in the answer.

fgjensen · June 3, 2022, 6:25am

Perhaps it is not possible from the beats, but we could to it with apt and chocolatey when the beats are deployed.

BR Flemming

system · July 1, 2022, 8:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.