Error when configuring Logstash to connect to Elasticsearch with TLS basic security

Hi, can anyone help me? I have an Elasticsearch cluster with basic security enabled, and I want to send some CSV data through Logstash, which I installed later, after Elasticsearch. So I followed this instruction, "Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog", but I got this error when I ran the command

./logstash --debug

This is the log generated:

{"level":"ERROR","loggerName":"logstash.licensechecker.licensereader","timeMillis":1645615253634,"thread":"LogStash::Runner","logEvent":{"message":"Unable to retrieve license information from license server","message":"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@10.27.3.218:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}}
{"level":"DEBUG","loggerName":"logstash.licensechecker.licensemanager","timeMillis":1645615253644,"thread":"LogStash::Runner","logEvent":{"message":"updating observers of xpack info change"}}
{"level":"DEBUG","loggerName":"logstash.monitoring.internalpipelinesource","timeMillis":1645615253668,"thread":"LogStash::Runner","logEvent":{"message":"updating licensing state installed:false,\n          license:<no license loaded>,\n          features:<no features loaded>,\n          last_updated:}"}}
{"level":"ERROR","loggerName":"logstash.monitoring.internalpipelinesource","timeMillis":1645615253677,"thread":"LogStash::Runner","logEvent":{"message":"Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster."}}
{"level":"DEBUG","loggerName":"logstash.config.sourceloader","timeMillis":1645615253679,"thread":"LogStash::Runner","logEvent":{"message":"Adding source","source":"#<LogStash::Monitoring::InternalPipelineSource:0x75ab999f>"}}
{"level":"INFO","loggerName":"logstash.agent","timeMillis":1645615254026,"thread":"Api Webserver","logEvent":{"message":"Successfully started Logstash API endpoint","port":9600}}
{"level":"DEBUG","loggerName":"org.reflections.Reflections","timeMillis":1645615254674,"thread":"Converge PipelineAction::Create<difo>","logEvent":{"message":"going to scan these urls:\njar:file:/pbnosql1/appl/logstash-7.14.2/logstash-core/lib/jars/logstash-core.jar!/"}}
{"level":"INFO","loggerName":"org.reflections.Reflections","timeMillis":1645615254754,"thread":"Converge PipelineAction::Create<difo>","logEvent":{"message":"Reflections took 79 ms to scan 1 urls, producing 120 keys and 417 values "}}
{"level":"DEBUG","loggerName":"logstash.instrument.periodicpoller.jvm","timeMillis":1645615267335,"thread":"pool-5-thread-1","logEvent":{"message":"collector name","name":"ParNew"}}
{"level":"DEBUG","loggerName":"logstash.instrument.periodicpoller.jvm","timeMillis":1645615267335,"thread":"pool-5-thread-1","logEvent":{"message":"collector name","name":"ConcurrentMarkSweep"}}
{"level":"DEBUG","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615270229,"thread":"Ruby-0-Thread-11: :1","logEvent":{"message":"Waiting for connectivity to Elasticsearch cluster, retrying in 16s"}}
{"level":"DEBUG","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615271261,"thread":"Ruby-0-Thread-10: :1","logEvent":{"message":"Running health check to see if an ES connection is working","url":"https://difo:xxxxxx@10.27.3.218:9200/","path":"/"}}
{"level":"WARN","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615271296,"thread":"Ruby-0-Thread-10: :1","logEvent":{"message":"Attempted to resurrect connection to dead ES instance, but got an error","url":"https://difo:xxxxxx@10.27.3.218:9200/","exception":{"metaClass":{"metaClass":{"exception":"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError","message":"Elasticsearch Unreachable: [https://difo:xxxxxx@10.27.3.218:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}}}}}

This is my logstash.yml:

# ------------  Node identity ------------
node.name: logstash01
# ------------ Pipeline Settings --------------
pipeline.ordered: false
# ------------ HTTP API Settings -------------
http.host: 10.27.3.221
http.port: 9600
# ------------ Debugging Settings --------------
log.format: json
# ------------ X-Pack Settings (not applicable for OSS build)--------------
#
# X-Pack Monitoring
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: Bcabca01
xpack.monitoring.elasticsearch.hosts: ["https://10.27.3.218:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/pbnosql1/appl/logstash-7.14.2/config/certs/ca.crt"
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate

And this is my Logstash config:

input {
  file {
    path => "/pbnosql1/data/difo/difo.csv"
    start_position => "beginning"
  }
}
filter {
  csv {
    columns => [
      "Transaction_Name",
      "Channel_Name",
      "Reference_Number",
      "Account_Number",
      "Customer_Number",
      "Customer_Name",
      "Transaction_Date",
      "Source"
    ]
    separator => ","
  }
  mutate {
    convert => {
      "Customer_Number" => "string"
      "Account_Number" => "string"
    }
  }
  date{
    match => [ "Transaction_Date",      "yyyy-MM-dd HH:mm:ss.SSS",
                                        "yyyy-MM-dd HH:mm:ss,SSS",
                                        "yyyy-MM-dd HH:mm:ss",
                                        "yyyy-MM-dd HH:mm:ss.SSSZ",
                                        "MMM D, yyyy HH:mm:ss.SSS a z",
                                        "ISO8601",
                                        "dd/MM/yyyy"]
    #target => "time" @timestamp
    locale => "en"
    timezone => "Asia/Jakarta"
  }
}
output {
  elasticsearch {
    hosts=> ["https://10.27.3.218:9200"]
    ssl => true
    ssl_certificate_verification => true
    cacert => '/pbnosql1/appl/logstash-7.14.2/config/certs/ca.crt'
    user => difo
    password => difoapp
    index => "difo_sample"
  }
}

I have tried generating a new certificate for this logstash01 using elasticsearch-certutil and elasticsearch-certgen; I have also tried to use the first Elasticsearch ca.crt. But it still doesn't work properly. Any suggestions to solve this problem? Thanks
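
Added example, not part of the original post: the PKIX error in the log means the certificate chain presented on port 9200 does not lead to any CA in the trust store Logstash was given. The script below reproduces that condition offline with throwaway certificates (all CA and node names are constructed, and the function names are this example's own) and shows the `openssl verify` check that separates a matching CA file from an unrelated one.

```shell
#!/bin/sh
# Constructed demo: every CA and node name below is a throwaway sample.

# make_ca DIR NAME: create a self-signed CA (NAME.crt / NAME.key) in DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA NAME: issue NAME.crt in DIR, signed by the CA called CA.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chains_to_ca CAFILE CERT: succeed only if CERT validates against CAFILE.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# show_names CAFILE CERT: print the two names that must match for a direct chain.
show_names() {
  echo "  CA subject : $(openssl x509 -in "$1" -noout -subject)"
  echo "  cert issuer: $(openssl x509 -in "$2" -noout -issuer)"
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" cluster-ca        # CA that signed the node's HTTP certificate
  make_ca "$d" regenerated-ca    # unrelated CA created by a later tool run
  make_leaf "$d" cluster-ca es-node
  for ca in cluster-ca regenerated-ca; do
    echo "Trusting $ca.crt:"
    show_names "$d/$ca.crt" "$d/es-node.crt"
    if chains_to_ca "$d/$ca.crt" "$d/es-node.crt"; then
      echo "  result: chain OK"
    else
      echo "  result: does not chain to this trust anchor"
    fi
  done
  rm -rf "$d"
}

demo
```

Against a live node, the served certificate can be saved with `openssl s_client -connect HOST:9200 -showcerts </dev/null` and passed as the second argument to `chains_to_ca`, with the ca.crt from the Logstash config as the first.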
