I'm trying to get filebeat to send encrypted data to logstash.
In filebeat.yml, this is my output.logstash:
output.logstash:
hosts: ["91.242.11.220:5044"] # Not the real IP
ssl.enabled: true
ssl.certificate_authorities: ["/etc/elk/certs/ca.crt"] # Same as ca.crt in logstah config
ssl.certificate: "/etc/elk/beatcert/beats.crt"
ssl.key: "/etc/elk/beatcert/beats.key"
ssl.key_passphrase: "password" #Not the real password
ssl.verification_mode: full
Logstash's config:
input{ beats{
port => 5044
ssl => true
ssl_certificate_authorities => ["/usr/share/elasticsearch/ca/ca.crt"] # Same as ca.crt in filebeat.yml
ssl_certificate => "/usr/share/elasticsearch/elk/elk.crt"
ssl_key => "/usr/share/elasticsearch/elk/elkpkcs8.key"
ssl_key_passphrase => "password" # Not the real password
ssl_verify_mode => "force_peer"
}}
When I start filebeat, I get this error:
2020-07-30T12:54:10.082Z ERROR [publisher_pipeline_output] pipeline/output.go:155 Failed to connect to backoff(async(tcp://91.242.11.220:5044)): x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Elastic Certificate Tool Autogenerated CA")
Does anyone happen to know what's wrong? Huge thanks ahead.