Debug errors between filebeat and logstash


#1

I have set up mutual auth for the connection between filebeat and logstash. However, I am getting some errors .

Here is my logstash config:

  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/home/monitor/ca/rootCA.pem"]
    ssl_certificate => "/home/monitor/ca/davos.crt"
    ssl_key => "/home/monitor/ca/davos.key"
    ssl_verify_mode => "force_peer"
#    ssl_verify_mode => "none"
  }

Filebeat config:

  certificate_authorities: ["/etc/filebeat/rootCA.crt"]

  # Certificate for TLS client authentication
  certificate: "/etc/filebeat/client1.crt"

  # Client Certificate Key
  certificate_key: "/etc/filebeat/client1.key"

I am able to transfer the data and no errors come out except for when I try to validate the certificate of the client side I receive:

curl -v --cacert rootCA.pem https://myip:5044

[2018-02-14T22:00:48,635][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5044, remote: publicip:18757] Exception: javax.net.ssl.SSLHandshakeException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE

Thanks for any help

A thought: is this error supposed to occur because with the curl I am not sending my client certificate?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.