Dear all,
Im trying to setup ssl to connect filebeat to elastic
Elastic service is running in xxxxx.yy:9200
filebeat.yml
hosts: ["xxxxx.yy:9200"]
protocol: "https"
ssl.certificate_authorities: "/etc/filebeat/security/es-ca.crt"
ssl.certificate: "/etc/filebeat/security/es-crt.crt"
ssl.key: "/etc/filebeat/security/es.key"
I created the cert using the following commands
Obtain key
openssl pkcs12 -in /etc/elasticsearch/security/elastic-certificates.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > es.key
Obtain the CA:
openssl pkcs12 -in /etc/elasticsearch/security/elastic-certificates.p12 -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > es-ca.crt
Obtain the node certificate:
openssl pkcs12 -in /etc/elasticsearch/security/elastic-certificates.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > es-cert.crt
The cluster and kibana are up and running and connected via ssl
Im trying to use certs to authenticate no basic authentication to ES
When starting filebeat I have
{"log.level":"error","@timestamp":"2022-07-08T21:55:12.183-0300","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":235},"message":"error connecting to Elasticsearch at https://xxxxx.yy:9200: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}","service.name":"filebeat","ecs.version":"1.6.0"}
Please help to understand what is missing.
Thanks!!!