Elastic Stack with Chain of certificates

Nikhil_Khurana · April 19, 2023, 6:28am

I want to enable Security when using Filebeat and Logstash. I have created a Root CA. This Root Certificate creates an Intermediate CA. The intermediate CA is then used to create and sign my client and sever certificates for Filebeat and Logstash.

Root CA -> Intermediate CA -> Client/Server Certificate.

How do I specify the configuration of Filebeat? Do I specify both Root and Intermediate CA in ssl_certificate_authorities ?

Or do I just specify Root CA and filebeat would look up in hierarchy and validate Intermediate and Root both.

mazoutte · April 25, 2023, 11:51am

Hello,
Just concatenate the 2 PEM files of the Intermediate and the ROOT CA into one file.

-----BEGIN CERTIFICATE-----
*PEM SUB CA*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*PEM ROOT CA*
-----END CERTIFICATE-----

Then indicate that file in your ssl_certificate_authorites.

Regards,

Nikhil_Khurana · April 26, 2023, 5:52pm

In case Root CA is trusted by my system, i.e. it is available in Trusted Root Certification Authorities of my system, do I still have to specify that Root either standalone or appended with Intermediate CA in ssl_certificate_authorities setting? Can I rely upon ELK stack to create a chain of Trust based on that?

system · May 24, 2023, 7:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.