Filebeat ca cert problem

I'm attempting to basically get encrypted comms going between Filebeat hosts and the Logstash server (encryption only, no client authentication). Filebeat, however, is not accepting the CA certificate. Here is my filebeat.yml config:

        - /var/log/messages
      input_type: log
  registry_file: /var/lib/filebeat/registry
  to_files: true
  level: debug
    path: "/var/log"
    name: filebeat_log
    enabled: true
      - "logstashnode:5044"
      disabled: false
        - "/etc/filebeat/cacert.crt"

Here's the debug output:

2015-12-14T17:01:36-05:00 DBG  Disable stderr logging
2015-12-14T17:01:36-05:00 DBG  Initializing output plugins
2015-12-14T17:01:36-05:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2015-12-14T17:01:36-05:00 ERR failed to initialize logstash plugin as output: file is not a certificate
2015-12-14T17:01:36-05:00 CRIT file is not a certificate

Running "openssl x509 -in /etc/filebeat/cacert.crt -text -noout" produces expected certificate output. I have also tried converting my PEM formatted CA cert to DER encoding but get the same result.

Any ideas?

Does your certificate file have BEGIN and END markers?

base64-encoded Bytes

Yes. As far as I can tell, the CA certificate is valid and syntactically correct as it's used in other circumstances (such as encrypted rsyslog traffic, LDAP TLS, etc.). Also verified that it has not expired (good through 2023).

Are there perhaps specific X509v3 extensions that Filebeat is looking for (besides "CA: TRUE") that I may be missing?

The "file is not a certificate" message is generated here.

It looks like this golang method is not decoding your cert.

You could try your certificate here. Just replace the cert text and click Run.

Bingo.........thanks a million! Apparently, my "RSA modulus is not a positive number" (more details here: Looks like I'll be regenerating a more RSA modulus-friendly CA cert.
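
Added example, not code from the thread or from Filebeat: a small Go check that walks each PEM block in a CA file and reports Go's own parse error, which the generic "file is not a certificate" message hides. It assumes the loader decodes PEM and then calls `x509.ParseCertificate`; `checkCAFile` and `constructedCA` are hypothetical names, and the sample CA is generated on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkCAFile reports one finding per PEM block, keeping the parser's own error text.
func checkCAFile(data []byte) (out []string) {
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		switch {
		case block.Type != "CERTIFICATE":
			out = append(out, "skip: block type "+block.Type)
		case err != nil:
			out = append(out, "fail: "+err.Error())
		case !cert.IsCA:
			out = append(out, "fail: not a CA: "+cert.Subject.String())
		default:
			out = append(out, "ok: CA "+cert.Subject.String())
		}
	}
	if out == nil { // raw DER, or BEGIN/END markers missing or damaged
		out = []string{"fail: no PEM block found"}
	}
	return out
}

// constructedCA builds a throwaway self-signed CA as sample input (constructed for this example).
func constructedCA() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(checkCAFile(constructedCA()))
}
```

To check a real file, pass the bytes returned by `os.ReadFile` to `checkCAFile` instead of the constructed CA.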