In this guide, specifically the section for configuring Logstash to receive secure communications using an SSL certificate, we experienced difficulty getting this setup and were actually only able to get the server to start without errors after importing the internally-distributed certificate's CA chain into the Java keystore used by Logstash.
To do this import I did:
/usr/share/logstash/jdk/bin/keytool -importcert -noprompt -cacerts -trustcacerts -file /path/to/chain.pem -alias chain.pem
This was on a CentOS 7 system running Logstash 7.11.1
I chose not to update the documentation directly because I am not positive I have a full understanding of the dependencies in this scenario.