Elastic Stack with Chain of certificates

Nikhil_Khurana · April 19, 2023, 6:28am

I want to enable Security when using Filebeat and Logstash. I have created a Root CA. This Root Certificate creates an Intermediate CA. The intermediate CA is then used to create and sign my client and sever certificates for Filebeat and Logstash.

Root CA -> Intermediate CA -> Client/Server Certificate.

How do I specify the configuration of Filebeat? Do I specify both Root and Intermediate CA in ssl_certificate_authorities ?

Or do I just specify Root CA and filebeat would look up in hierarchy and validate Intermediate and Root both.

mazoutte · April 25, 2023, 11:51am

Hello,
Just concatenate the 2 PEM files of the Intermediate and the ROOT CA into one file.

-----BEGIN CERTIFICATE-----
*PEM SUB CA*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*PEM ROOT CA*
-----END CERTIFICATE-----

Then indicate that file in your ssl_certificate_authorites.

Regards,

Nikhil_Khurana · April 26, 2023, 5:52pm

In case Root CA is trusted by my system, i.e. it is available in Trusted Root Certification Authorities of my system, do I still have to specify that Root either standalone or appended with Intermediate CA in ssl_certificate_authorities setting? Can I rely upon ELK stack to create a chain of Trust based on that?

system · May 24, 2023, 7:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash and filebeat are not working with my private CA system Beats	3	926	July 5, 2017
Filebeat & Logstash with intermediate CA (cert chain) Issues Beats filebeat	5	3499	November 29, 2017
Filebeat encrypted communication to Logstash Beats	3	369	July 31, 2020
How to configure Filebeat and Logstash 8.1 with TLS Logstash elastic-stack-security	3	898	May 8, 2022
Filebeat ca cert problem Beats filebeat	5	3259	July 5, 2017

Elastic Stack with Chain of certificates

Related topics