Ihjaz
September 12, 2017, 12:05pm
1
Hi,
I've enabled SSL between Filebeat and Logstash. I have the following configuration
input {
beats {
host => "10.129.179.39"
port => 5044
ssl => true
ssl_certificate => "/etc/logstash/certs/first-cert.pem"
ssl_key => "/etc/logstash/certs/key.pk8"
}
}
The above configuration works and the logs are getting pushed from filebeat to logstash.
Is there a way I can pass the private key to logstash in an encrypted form ?
Ihjaz
September 12, 2017, 3:14pm
2
Hi,
I figured out that we can use ssl_key_passphrase to decrypt an encrypted private key.
ssl_key_passphrase => "admin"
But it seems like I need to give the passphrase in plain text as shown above and anyone who looks at this config file can see it.
Is there a way to hide this passphrase ?
Ihjaz
September 14, 2017, 4:29pm
3
Hi,
I have the following configuration now with ssl_key_passphrase.
input {
beats {
host => "10.129.179.39"
port => 5044
ssl => true
ssl_certificate => "/etc/logstash/certs/first-cert.pem"
ssl_key => "/etc/logstash/certs/enc_key.p8"
ssl_key_passphrase => "admin"
}
}
I have encrypted key.p8 as follows with admin as key phrase.
openssl rsa -aes256 -in key.p8 -out enc_key.p8
But with the encrypted key file and passphrase configured, I am seeing the following error in logstash logs.
[2017-09-14T21:57:05,709][ERROR][logstash.inputs.beats ] Looks like you either have an invalid key or your private key was not in PKCS8 format.
Has anyone here run into this issue? Have you tried ssl_key_passphrase?
Ihjaz
September 21, 2017, 7:25am
4
Hi,
I figured this out. It has to be a PKCS#8 encryption. The ssl_key_passphrase works only for decrypting the PKCS#8 encryption.
openssl pkcs8 -in key.pem -topk8 -passout pass:admin -out p8key.pem
1 Like
system
October 19, 2017, 7:25am
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.