Configure beats to reload certificates?

We deploy most beattypes to hosts managed by different service providers. The beats ships data to Logstash beats endpoints protected with TLS and firewalls. This setup works very well.

However, changing expired TLS certificates may impose some problems, since either the beats and/or the firewalls cache the TLS certificate, so Logstash validates a certificate to be expired even though it has been replaced by a new certificate.

If the certificate is cached on the beats host a restart of the beats fixes the problem. However, this not an elegant solution. How can I configure a beat to detect if the key/certificate must be reloaded?

Best regards
Flemming

Hi,

Interested in the answer.

Perhaps it is not possible from the beats, but we could to it with apt and chocolatey when the beats are deployed.

BR Flemming

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.