I'm attempting to basically get encrypted comms going between Filebeat hosts and the Logstash server (encryption only, no client authentication). Filebeat, however, is not accepting the CA certificate. Here is my filebeat.yml config:
filebeat:
prospectors:
-
paths:
- /var/log/messages
input_type: log
registry_file: /var/lib/filebeat/registry
logging:
to_files: true
level: debug
files:
path: "/var/log"
name: filebeat_log
output:
logstash:
enabled: true
hosts:
- "logstashnode:5044"
tls:
disabled: false
certificate_authorities:
- "/etc/filebeat/cacert.crt"
Here's the debug output:
2015-12-14T17:01:36-05:00 DBG Disable stderr logging
2015-12-14T17:01:36-05:00 DBG Initializing output plugins
2015-12-14T17:01:36-05:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2015-12-14T17:01:36-05:00 ERR failed to initialize logstash plugin as output: file is not a certificate
2015-12-14T17:01:36-05:00 CRIT file is not a certificate
Running "openssl x509 -in /etc/filebeat/cacert.crt -text -noout" produces expected certificate output. I have also tried converting my PEM formatted CA cert to DER encoding but get the same result.
Any ideas?