Filebeat clients specified by ip addresses for 'force_peer'

Hello
I'm authenticating FileBeat clients on Logstash over ssl (ssl_verify_mode: force_peer).

I created a self-signed cert

../bin/elasticsearch-certutil ca --pem --silent --out ca.zip

then generated logstash and filebeat certs

elasticsearch-certutil cert --silent --pem --in instances.yml --ca-cert ca/ca.crt --ca-key ca/ca.key --out cert.zip

I created instances.yml and ran elasticsearch-certutil with elasticsearch-certutil --in instances.yml ...

It works but the FileBeat clients are specified in instances.yml by their ip addresses.

  - name: logstash_unit1
    dns:
      - logstash
      - node1
      - localhost
  - name: filebeat
    dns:
      - node1
      - node2
      - localhost
    ip:
      - 161.222.72.115
      - 127.0.0.1

The FileBeat clients connect to Logstash over a proxy and their IP addresses can change.
Can I specify an address range instead of an IP address?
How can I get rid of the IP addresses for the Filebeat client certs?

Thank you
Peter

Could you try to just remove the IP addresses and rely only on the DNS names?

Removed the IPs and it works. Seems like SSL client-auth doesn't need the IPs.

BTW Elastic is awesome :wink:
Peter
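
A way to check the result reported above, as an added example that is not part of the original posts: it builds a throwaway CA and a client certificate with openssl, using DNS-only SANs like the edited instances.yml, and confirms the certificate still chains to the CA with no IP entries left. The demo CA, the file names and the function names are assumptions made for this example; it uses openssl in place of elasticsearch-certutil so it runs without an Elastic install.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, not the poster's certutil output.
# SAN names mirror the "filebeat" entry in the thread's instances.yml.

# Create a demo CA and a "filebeat" client cert whose SAN holds DNS names only.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=filebeat" \
        -keyout "$dir/filebeat.key" -out "$dir/filebeat.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:node1,DNS:node2,DNS:localhost\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/filebeat.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/filebeat.crt" 2>/dev/null
}

# Print the Subject Alternative Name values of a PEM certificate.
san_of() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# Succeed when the certificate ($2) chains to the CA ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed when the certificate still pins an IP address in its SAN.
has_ip_san() {
    san_of "$1" | grep -q 'IP Address:'
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || return 1
    echo "SAN: $(san_of "$tmp/filebeat.crt")"
    chain_ok "$tmp/ca.crt" "$tmp/filebeat.crt" && echo "chain: OK"
    has_ip_san "$tmp/filebeat.crt" || echo "no IP SAN entries"
    rm -rf "$tmp"
}
demo
```

The same `san_of`, `chain_ok` and `has_ip_san` checks can be pointed at the real CA certificate and the regenerated Filebeat certificate after the `ip:` block is removed from instances.yml.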
