Filebeat clients specified by IP addresses for 'force_peer'


#1

Hello
I'm authenticating FileBeat clients on Logstash over ssl (ssl_verify_mode: force_peer).

I created a self-signed cert

../bin/elasticsearch-certutil ca --pem --silent --out ca.zip

then generated Logstash and Filebeat certs

elasticsearch-certutil cert --silent --pem --in instances.yml --ca-cert ca/ca.crt --ca-key ca/ca.key --out cert.zip

I created instances.yml and ran elasticsearch-certutil with elasticsearch-certutil --in instances.yml ...

It works, but the FileBeat clients are specified in instances.yml by their IP addresses.

  instances:
  - name: logstash_unit1
    dns:
      - logstash
      - node1
      - localhost
  - name: filebeat
    dns:
      - node1
      - node2
      - localhost
    ip:
      - 161.222.72.115
      - 127.0.0.1

The FileBeat clients connect to Logstash over a proxy and their IP addresses can change.
Can I specify an address range instead of an IP address?
How can I get rid of IP addresses for Filebeat client certs?

Thank you
Peter


(ruflin) #2

Could you try to just remove the IP addresses and rely only on the DNS names?


#3

Removed the IPs and it works. Seems like SSL client-auth doesn't need the IPs.

BTW Elastic is awesome :wink:
Peter

