Hello, recently I've been practicing setting up ELK 8.9.
My target architecture looks like this: Filebeat -> Logstash -> ES <- Kibana. I encountered difficulties when configuring encryption.
Currently, my architecture is Filebeat -> ES -> Kibana. However, I faced issues when configuring SSL. ES and Kibana are on the same machine, while Filebeat is on another machine.
After installing ES, the system generates an http_ca.crt to verify if ES is operating correctly. So, I copied http_ca.crt to my computer to check if an external connection is possible. However, I found that when I changed "localhost" to an IP address, I received a certificate hostname mismatch error.
Strangely, when I performed the same operation within Filebeat's configuration, it could successfully send data to ES. I originally expected Filebeat not to work because using http_ca.crt should also result in a hostname mismatch. I would like to know the reason for this.
I also want to know about the docs:
http_ca.crt
The CA certificate that is used to sign the certificates for the HTTP layer of this Elasticsearch cluster.
Is the certificate on the HTTP layer equal to HTTPS?
If I change it to the architecture I want: Filebeat -> Logstash -> ES <- Kibana
There is an https_ca.crt root certificate on ES. When using Logstash to authenticate HTTPS with the https_ca.crt root certificate (similar to Filebeat), it seems fine. But if I want to encrypt the communication between Filebeat and Logstash, where the server side becomes Logstash, do I need to use OpenSSL on Logstash to generate a new root certificate and then use that root certificate to sign a certificate for Filebeat to enable encryption between Filebeat and Logstash?
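The hostname mismatch described in the post is decided by comparing the host in the URL with the subjectAltName entries of the server's certificate; the CA file only establishes trust in the signer. As an added example (not part of the original post), the check below applies that comparison to a constructed certificate dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the SAN values and the helper names are assumptions.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The SAN values are assumptions for illustration, not read from a real cluster.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "localhost"),
        ("DNS", "es-node-1"),
        ("IP Address", "127.0.0.1"),
    ),
}


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def host_matches_cert(cert: dict, host: str) -> bool:
    """Return True if `host` (name or IP literal) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # An IP literal is only compared with iPAddress entries, never DNS names.
        return any(
            kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
            for kind, value in sans
        )
    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


def explain(cert: dict, hosts: list[str]) -> dict[str, bool]:
    """Map each candidate host string to whether verification would accept it."""
    return {h: host_matches_cert(cert, h) for h in hosts}


if __name__ == "__main__":
    for host, ok in explain(SAMPLE_CERT, ["localhost", "127.0.0.1", "192.0.2.10"]).items():
        print(f"{host:12} -> {'match' if ok else 'hostname mismatch'}")
```

To see the real SAN list, pass the dict from `getpeercert()` on a verified connection to `host_matches_cert` in place of `SAMPLE_CERT`.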