Does client verification require host based certificates?

sjne · April 28, 2020, 7:27pm

When using ssl_verify_mode: force_peer for client verification with Filebeat, does the client certificate need to be issued to the specific host name/IP? I.e the CN is the host name of the node.

For example can I use (in a test/dev environment) one self-signed certificate for all of my four Filebeat nodes for client verification with a Logstash instance? Or do the certificates need to be issued to each node separately (CN = host1; CN = host2 etc)? I tried looking for an answer in the docs but could find any, sorry. Thanks!

Badger · April 28, 2020, 10:18pm

That came up recently here. The name in the client certificiate is not checked.

Luca_Belluccini · April 28, 2020, 10:47pm

We also try to make sure this ends up in the documentation: https://github.com/logstash-plugins/logstash-input-beats/issues/317

system · May 26, 2020, 10:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.