Hi,
I've used this commands to generate CA and Cert:
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
But in logstash and beats a p12 is not supported and I MUST use
ssl.certificate_authorities: ["/etc/ca.crt"]
ssl.certificate: "/etc/client.crt"
ssl.key: "/etc/client.key"
So what is the command that I should use to generate:
1- ca.crt
2- client.crt
3- client.key
P.S: The CA and CERT are password protected
Please help.
Regards,
You don't need
ssl.certificate: "/etc/client.crt"
ssl.key: "/etc/client.key"
unless you want to configure mutual TLS authentication between logstash and elasticsearch. If you just want to authenticate logstash to elasticsearch with a username and password and only need that logstash can verify the certificate of elasticsearch, keep only
ssl.certificate_authorities: ["/etc/ca.crt"]
You can get that from elastic-stack-ca.p12 with openssl as follows:
openssl pkcs12 -in elastic-stack-ca.p12 -clcerts -nokeys | sed '/-----BEGIN CERTIFICATE-----/,$!d'> ca.crt
Many thanks, Worked fine!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.