Filebeat clients specified by ip addresses for 'force_peer'


I'm authenticating FileBeat clients on Logstash over ssl (ssl_verify_mode: force_peer).

I created a self-signed cert

../bin/elasticsearch-certutil ca --pem --silent --out

then generated logstash and filebeat certs

elasticsearch-certutil cert --silent --pem --in instances.yml --ca-cert ca/ca.crt --ca-key ca/ca.key --out

I created instances.yml and ran elasticsearch-certutil with elasticsearch-certutil --in instances.yml ...

It works but the FileBeat clients are specified in instances.yml by their ip addresses.

  - name: logstash_unit1
    dns:
      - logstash
      - node1
      - localhost
  - name: filebeat
    dns:
      - node1
      - node2
      - localhost

The FileBeat clients connect to logstash over a proxy and their ip addresses can change.
Can I specify an address range instead of an ip address?
How can I get rid of ip addresses for filebeat client certs?

Thank you

(ruflin) #2

Could you try to just remove the IP addresses and rely only on the DNS names?


Removed the ips and it works. Seems like ssl client-auth doesn't need the ips.

BTW Elastic is awesome :wink:
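
An added example, not part of the thread: the chain check a TLS server applies to a client certificate, reproduced with plain openssl instead of Logstash. It assumes `force_peer` amounts to validating the client certificate against the configured CA; the CA name, the `filebeat` CN/SAN and the function name are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo values: CA "Demo CA", client CN/SAN "filebeat". No IP SAN anywhere.
verify_client_cert_without_ip_san() {
    tmp=$(mktemp -d) || return 2
    (
        cd "$tmp" || exit 2
        # Minimal config so the CA extensions do not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
            'prompt=no' '[dn]' 'CN=Demo CA' '[v3_ca]' \
            'basicConstraints=critical,CA:TRUE' 'keyUsage=keyCertSign,cRLSign' > ca.cnf
        # 1. Throwaway CA, standing in for the one elasticsearch-certutil creates.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 2
        # 2. Client key and CSR.
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj '/CN=filebeat' \
            -keyout fb.key -out fb.csr 2>/dev/null || exit 2
        # 3. Sign the client cert with a DNS SAN only (the instances.yml "dns:" case).
        printf '%s\n' 'subjectAltName=DNS:filebeat' 'extendedKeyUsage=clientAuth' > ext.cnf
        openssl x509 -req -in fb.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 1 -extfile ext.cnf -out fb.crt 2>/dev/null || exit 2
        # 4. Fail with status 3 if an IP SAN slipped in; the point is that none exists.
        if openssl x509 -in fb.crt -noout -text | grep -q 'IP Address:'; then
            exit 3
        fi
        # 5. Chain and client-auth purpose check: no peer address is involved.
        openssl verify -CAfile ca.crt -purpose sslclient fb.crt >/dev/null 2>&1
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

verify_client_cert_without_ip_san && echo "client cert without IP SAN: chain OK"
```

Because this check does not tie the certificate to a source address, access control rests on who can obtain a certificate signed by that CA.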
