Hey everyone,
I want to establish a connection with SSL between Filebeat and Logstash according to this. Filebeat runs natively whereas Logstash is running in a Docker container. I converted my keys to the PKCS8 format, using the command:
openssl pkcs8 -topk8 -inform PEM -outform PEM -in infile.key -out outfile.pkcs8.key -nocrypt
But in Filebeat I get the error:
Failed to connect to backoff(async(tcp://logstash.domain.de:5045)): x509: certificate specifies an incompatible key usage
and in Logstash as soon as Filebeat tries to connect:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I also tried a traditional PEM key in Filebeat with the same result.
This is my configuration:
input.conf:
input {
beats {
port => 5045
ssl => true
ssl_certificate_authorities => ["/usr/share/logstash/config/certs/cacert.pem"]
ssl_certificate => "/usr/share/logstash/config/certs/cert.pem"
ssl_key => "/usr/share/logstash/config/certs/key.pkcs8.key"
# deactivated for now
ssl_verify_mode => "none"
client_inactivity_timeout => 120
}
}
filebeat.yml:
output.logstash:
# The Logstash hosts
hosts: ["logstash.domain.de:5045"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/certs/cacert.pem"]
# Certificate for SSL client authentication
ssl.certificate: "/etc/certs/cert.pem"
# Client Certificate Key
ssl.key: "/etc/certs/key.pkcs8.key"
I use the same certificates and keys to communicate with my Elasticsearch cluster with no problems, so they should be okay. The only difference is the PKCS8 format used here.
Thanks a lot for any help!