Hello, recently I've been practicing setting up ELK 8.9.
My target architecture looks like this: Filebeat -> Logstash -> ES <- Kibana. I encountered difficulties when configuring encryption.
Currently, my architecture is Filebeat -> ES -> Kibana. However, I faced issues when configuring SSL. ES and Kibana are on the same machine, while Filebeat is on another machine.
After installing ES, the system generates an
http_ca.crt to verify if ES is operating correctly. So, I copied
http_ca.crt to my computer to check if an external connection is possible. However, I found that when I changed "localhost" to an IP address, I received a certificate hostname mismatch error.
Strangely, when I performed the same operation within Filebeat's configuration, it could successfully send data to ES. I originally expected Filebeat not to work because using
http_ca.crt should also result in a hostname mismatch. I would like to know the reason for this.
And also I want to know about docs
The CA certificate that is used to sign the certificates for the HTTP layer of this Elasticsearch cluster.
Is the certificate on the HTTP layer equal to HTTPS?
If I change it to the architecture I want: Filebeat -> Logstash -> ES <- Kibana
There is an https_ca.crt root certificate on ES. When using Logstash to authenticate HTTPS with the https_ca.crt root certificate (similar to Filebeat), it seems fine. But if I want to encrypt the communication between Filebeat and Logstash, where the server side becomes Logstash, do I need to use OpenSSL on Logstash to generate a new root certificate and then use that root certificate to sign a certificate for Filebeat to enable encryption between Filebeat and Logstash?