Filebeat and Logstash certificate and key


(Fjiang212) #1

I followed the doc (https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04) to generate a certificate and private key, then used them in both filebeat and logstash to make the TLS connection work. But I am still confused here:

  • Why do filebeat and logstash use the same certificate here? Originally I thought client and server have different certificates: client.crt and server.crt
  • Why do we copy the server private key file to filebeat? I always think we should keep the private key on the server side only.
  • Does it mean in this case we only verify logstash, not filebeat?

Could someone who knows TLS shed some light on it? Or explain how TLS works here.

Thanks


(Steffen Siering) #2

I didn't read through this tutorial, but:

  1. Do not copy the private file. It's called private for a reason.
  2. When you're using self-signed certificates (no CA), the client needs to have the certificate in its CA list. Using certificate authorities, the client only requires the CA's certificate to verify the server certificate (this is how it should be done when managing multiple servers). For testing and simple setups, self-signed certificates are a little more convenient.
  3. I didn't see any client certificate configured for client authentication. This means filebeat will check logstash being ok, but not the other way around.
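
An added example, not taken from the thread or the linked tutorial: the CA-based layout described in post #2, built with the `openssl` CLI so that each endpoint keeps its own private key and only the CA certificate is shared. The CA subject, the client name `filebeat-client`, the directory layout and the Logstash host name passed as the second argument are all assumptions.

```shell
#!/bin/sh
# Added example: private CA with one key pair per endpoint for Filebeat -> Logstash TLS.
# All subject names, host names and file names are assumptions.

issue() {  # $1 = PKI dir, $2 = endpoint name, $3 = CN/SAN, $4 = extended key usage
    d="$1/$2"
    # The private key is generated in the endpoint's own directory and never copied.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$d/$2.key" -out "$d/$2.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=%s\n' "$3" "$4" > "$d/ext.cnf"
    openssl x509 -req -in "$d/$2.csr" -CA "$1/ca/ca.crt" -CAkey "$1/ca/ca.key" \
        -CAcreateserial -days 365 -extfile "$d/ext.cnf" -out "$d/$2.crt" \
        2>/dev/null || return 1
    rm -f "$d/$2.csr" "$d/ext.cnf"
    chmod 600 "$d/$2.key"
    cp "$1/ca/ca.crt" "$d/ca.crt"   # public CA certificate: the only shared file
}

make_pki() {  # $1 = output dir, $2 = DNS name Filebeat uses to reach Logstash
    mkdir -p "$1/ca" "$1/logstash" "$1/filebeat" || return 1
    # CA key pair: ca.key signs certificates and is never deployed to either endpoint.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Log CA" \
        -keyout "$1/ca/ca.key" -out "$1/ca/ca.crt" 2>/dev/null || return 1
    issue "$1" logstash "$2" serverAuth || return 1
    issue "$1" filebeat filebeat-client clientAuth || return 1
}

verify_peer() {  # $1 = CA cert the verifier holds, $2 = peer's cert, $3 = sslserver|sslclient
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then
    make_pki "$1" "$2" || exit 1
    # Filebeat checks Logstash (what the thread's setup already does) ...
    verify_peer "$1/filebeat/ca.crt" "$1/logstash/logstash.crt" sslserver \
        && echo "filebeat accepts logstash.crt"
    # ... and Logstash checks Filebeat (the client authentication that was missing).
    verify_peer "$1/logstash/ca.crt" "$1/filebeat/filebeat.crt" sslclient \
        && echo "logstash accepts filebeat.crt"
    ls "$1/filebeat" "$1/logstash"
fi
```

Run with an output directory and a host name; the `filebeat` directory ends up holding `ca.crt`, `filebeat.crt` and `filebeat.key`, and never `logstash.key` or `ca.key`.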
