I installed elasticsearch 8.3.3 on ubuntu 18.04 and allowed xpack.
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
after entering the password gives the result
{
"name" : "mgmt-els-01",
"cluster_name" : "mgmt-els-01",
"cluster_uuid" : "m5yvSutmRvqutn6DmCLlZQ",
"version" : {
"number" : "8.3.3",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "801fed82df74dbe537f89b71b098ccaff88d2c56",
"build_date" : "2022-07-23T19:30:09.227964828Z",
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
Generated fingerprint
openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt
and pasted it into the filebeat config on another server.
But when I try to send logs to the elasticsearch server, I get an error -
[2022-08-11T13:40:43,636][WARN ][o.e.h.AbstractHttpServerTransport] [mgmt-els-01] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/172.61.10.49:9200, remoteAddress=/10.67.8.72:42476}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Filebeat config:
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
hosts: ["mgmt-els-01.node.consul"]
protocol: https
username: "filebeat"
password: "somepasswd"
ssl:
enabled: true
ca_trusted_fingerprint: "fingerprint"
filebeat version
filebeat version 8.3.3 (amd64), libbeat 8.3.3 [1755b5dd3127bf755ee39deb25a802438bdac620 built 2022-07-23 00:34:44 +0000 UTC]
What am I doing wrong?