Hi all,
I have an intermediate CA sign the certs for the filebeat client. I have entered the chain file in logstash configuration for the filebeat input stanza in the certificates-authorities entry.
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/usr/local/share/ca-certificates/MySubCA-chain.pem"]
ssl_certificate => "/etc/ssl/certs/logger.abc.co.za.co.za.pem"
ssl_key => "/etc/ssl/private/logger.abc.co.za.key"
ssl_verify_mode => "force_peer"
}
}
On the client I have set up the client certificates and the root CA certificate in the filebeat certificates-authorities.
output.logstash:
hosts: ["logger.abc.co.za:5044"]
ssl.certificate_authorities: ["/usr/local/share/ca-certificates/MySubCA-chain.pem"]
ssl.certificate: "/etc/ssl/certs/client.abc.co.za.pem"
ssl.key: "/etc/ssl/private/client.abc.co.za.key"
On the logstash server I get:
"][org.logstash.beats.BeatsHandler] Exception: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem"
and on the filebeat client:
"ERR Connecting error publishing events (retrying): remote error: tls: internal error"
Running
"openssl s_client -CAfile /usr/local/share/ca-certificates/MySubCA-chain.pem -servername logger.abc.co.za -connect logger.abc.co.za:5044 -cert /etc/ssl/certs/client.abc.co.za.pem -key /etc/ssl/private/client.abc.co.za..key"
I get
"verify return:1
139717980804760:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:s3_pkt.c:1487:SSL alert number 80
139717980804760:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:"
Running it without the client certs it works.
"openssl s_client -CAfile /usr/local/share/ca-certificates/MySubCA-chain.pem -servername logger.abc.co.za -connect logger.abc.co.za:5044"
Any ideas what's wrong? According to Google, alert 80 is
internal_error
An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal.
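The handshake above gets through server verification (`verify return:1`) and only breaks once the client certificate is presented, so the leg to check offline is the one the Logstash side performs under `force_peer`: building a path from the client certificate up to a trusted root using nothing but its configured CA file. The script below is an added example, not part of the original post or of Logstash/Filebeat; it assumes an OpenSSL 1.1.1 or newer CLI, builds a throwaway root -> intermediate -> client hierarchy with constructed names, and then runs `openssl verify -purpose sslclient` the way the server effectively does. It also demonstrates the general rule: the leaf validates either when the CA file contains the intermediate, or when the intermediate is offered alongside the leaf (which is what a client that bundles its intermediate into its certificate file achieves), and a certificate without `clientAuth` in its extended key usage fails the client-purpose check even with a complete chain.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the client-cert
# validation a TLS server does for client authentication, using a throwaway
# CA hierarchy so it runs offline. Requires the openssl CLI (1.1.1+).
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# One small config with one extension section per certificate role.
cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ root_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ sub_ext ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ client_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
authorityKeyIdentifier = keyid
[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
authorityKeyIdentifier = keyid
EOF
CNF="$WORK/openssl.cnf"

# issue_cert NAME SUBJECT EXT_SECTION ISSUER: CSR signed by ISSUER's key.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" -config "$CNF" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
    -CAcreateserial -days 1 -extfile "$CNF" -extensions "$3" \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Root (self-signed), intermediate, a client cert and a server-only cert.
# All names are constructed for this example.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
  -config "$CNF" -extensions root_ext -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
issue_cert sub    "/CN=Example Sub CA"          sub_ext    root
issue_cert client "/CN=client.example.test"     client_ext sub
issue_cert server "/CN=logger.example.test"     server_ext sub

# The chain file a server would point its CA setting at: intermediate + root.
cat "$WORK/sub.pem" "$WORK/root.pem" > "$WORK/chain.pem"

# count_certs BUNDLE: number of PEM certificates in a file (quick sanity
# check that a "chain" file really carries more than the root).
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# verify_client_cert CAFILE CERT: 0 when CERT validates as a TLS client
# certificate using only the trust anchors and chain certs in CAFILE.
verify_client_cert() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_client_cert_with_intermediate CAFILE INTERMEDIATE CERT: same check,
# but INTERMEDIATE is offered as an untrusted chain cert, as when the client
# sends its intermediate together with its leaf during the handshake.
verify_client_cert_with_intermediate() {
  openssl verify -purpose sslclient -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# report LABEL CMD...: print the outcome without tripping set -e.
report() {
  label="$1"; shift
  if "$@"; then echo "PASS: $label"; else echo "FAIL: $label"; fi
}

echo "certificates in chain.pem: $(count_certs "$WORK/chain.pem")"
report "client cert, CA file = root only (intermediate missing)" \
  verify_client_cert "$WORK/root.pem" "$WORK/client.pem"
report "client cert, CA file = intermediate + root" \
  verify_client_cert "$WORK/chain.pem" "$WORK/client.pem"
report "client cert, CA file = root, intermediate sent by client" \
  verify_client_cert_with_intermediate "$WORK/root.pem" "$WORK/sub.pem" "$WORK/client.pem"
report "serverAuth-only cert used as client cert (should fail)" \
  verify_client_cert "$WORK/chain.pem" "$WORK/server.pem"
```

The same `openssl verify -purpose sslclient -CAfile <chain file> <client cert>` run on the real files from a question like this tells you, before touching Logstash, whether the server can possibly accept the client certificate with the CA file it has been given; if that passes, the problem lies elsewhere (for example the key not matching the certificate, or which file the server process can actually read).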