ELK SSL config problem

Hello, recently I've been practicing setting up ELK 8.9.

My target architecture looks like this: Filebeat -> Logstash -> ES <- Kibana. I encountered difficulties when configuring encryption.

Currently, my architecture is Filebeat -> ES -> Kibana. However, I faced issues when configuring SSL. ES and Kibana are on the same machine, while Filebeat is on another machine.

After installing ES, the system generates an http_ca.crt to verify if ES is operating correctly. So, I copied http_ca.crt to my computer to check if an external connection is possible. However, I found that when I changed "localhost" to an IP address, I received a certificate hostname mismatch error.

Strangely, when I performed the same operation within Filebeat's configuration, it could successfully send data to ES. I originally expected Filebeat not to work because using http_ca.crt should also result in a hostname mismatch. I would like to know the reason for this.

And also I want to know about docs

The CA certificate that is used to sign the certificates for the HTTP layer of this Elasticsearch cluster.

Is the certificate on the HTTP layer equal to HTTPS?

If I change it to the architecture I want: Filebeat -> Logstash -> ES <- Kibana
There is an https_ca.crt root certificate on ES. When using Logstash to authenticate HTTPS with the https_ca.crt root certificate (similar to Filebeat), it seems fine. But if I want to encrypt the communication between Filebeat and Logstash, where the server side becomes Logstash, do I need to use OpenSSL on Logstash to generate a new root certificate and then use that root certificate to sign a certificate for Filebeat to enable encryption between Filebeat and Logstash?

I've slove my problem.

I don't know know to close the problem. :slight_smile:

Hi @p81061473525

can you share your solution for others to learn from it?

The topic will close on it's own.


It's knwoledge for cacert .
filebeat has four certificate mode.

You can see detail in the following URL

And , You can chose certificate mode to ignore Subject Alternative Name error.

But I don't know how to let curl command to ignore Subject Alternative Name , ( Not --insecure / -k , I think the two parameter is ignore certificate ),

So , the original question behavior is current.
Because curl detect Subject Alternative Name . But filebeat can ignore that.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.