Does client verification require host based certificates?

When using ssl_verify_mode: force_peer for client verification with Filebeat, does the client certificate need to be issued to the specific host name/IP? I.e the CN is the host name of the node.

For example can I use (in a test/dev environment) one self-signed certificate for all of my four Filebeat nodes for client verification with a Logstash instance? Or do the certificates need to be issued to each node separately (CN = host1; CN = host2 etc)? I tried looking for an answer in the docs but could find any, sorry. Thanks!

That came up recently here. The name in the client certificiate is not checked.

1 Like

We also try to make sure this ends up in the documentation:


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.