Filebeat Setup Fails with Wildcard Certificate

Elastic Stack Beats
1

Greetings. I found a bug in beats, but I went to open a bug issue on GitHub but the prompts directed me here to confirm that it was a bug first.

Steps to reproduce:

  1. Vanilla CentOS 7
  2. Download and install filebeat-6.8.0-x86_64.rpm
  3. Edit "/etc/filebeat/filebeat.yml" to include the host, username, and password of the remote ElasticSearch cluster with HTTPS enabled on a wildcard certificate.
  4. Run "filebeat -e setup".

This results in the following error:

2019-08-05T12:16:20.409-0400    ERROR   elasticsearch/elasticsearch.go:252      Error connecting to Elasticsearch at https://es-1-dev.company.com:9200: Get https://es-1-dev.company.com:9200: x509: certificate is valid for es-*.company.com, not es-1-dev.company.com

Did whoever program this forget about wildcard certificates? Please let me know next steps.

2

Partial wildcards are not supported because Go does not support them.

3

Wow, that seems pretty crazy. Thanks for the info Andrew.

4

Try a full wildcard cert. That should work fine.

5

Many companies do not allow full wildcard certificates for security purposes - if an attacker gains access to such a certificate, the results would be devastating. The fact that Golang does not support a security feature that is specified by the RFC is disappointing, to say the least.