I'm attempting to basically get encrypted comms going between Filebeat hosts and the Logstash server (encryption only, no client authentication). Filebeat, however, is not accepting the CA certificate. Here is my filebeat.yml config:
filebeat: prospectors: - paths: - /var/log/messages input_type: log registry_file: /var/lib/filebeat/registry logging: to_files: true level: debug files: path: "/var/log" name: filebeat_log output: logstash: enabled: true hosts: - "logstashnode:5044" tls: disabled: false certificate_authorities: - "/etc/filebeat/cacert.crt"
Here's the debug output:
2015-12-14T17:01:36-05:00 DBG Disable stderr logging 2015-12-14T17:01:36-05:00 DBG Initializing output plugins 2015-12-14T17:01:36-05:00 INFO GeoIP disabled: No paths were set under output.geoip.paths 2015-12-14T17:01:36-05:00 ERR failed to initialize logstash plugin as output: file is not a certificate 2015-12-14T17:01:36-05:00 CRIT file is not a certificate
Running "openssl x509 -in /etc/filebeat/cacert.crt -text -noout" produces expected certificate output. I have also tried converting my PEM formatted CA cert to DER encoding but get the same result.