Filebeat Setup Fails with Wildcard Certificate

Greetings. I found a bug in beats, but I went to open a bug issue on GitHub but the prompts directed me here to confirm that it was a bug first.

Steps to reproduce:

  1. Vanilla CentOS 7
  2. Download and install filebeat-6.8.0-x86_64.rpm
  3. Edit "/etc/filebeat/filebeat.yml" to include the host, username, and password of the remote ElasticSearch cluster with HTTPS enabled on a wildcard certificate.
  4. Run "filebeat -e setup".

This results in the following error:

2019-08-05T12:16:20.409-0400    ERROR   elasticsearch/elasticsearch.go:252      Error connecting to Elasticsearch at https://es-1-dev.company.com:9200: Get https://es-1-dev.company.com:9200: x509: certificate is valid for es-*.company.com, not es-1-dev.company.com

Did whoever program this forget about wildcard certificates? Please let me know next steps.

Partial wildcards are not supported because Go does not support them.

Wow, that seems pretty crazy. Thanks for the info Andrew.

Try a full wildcard cert. That should work fine.

Many companies do not allow full wildcard certificates for security purposes - if an attacker gains access to such a certificate, the results would be devastating. The fact that Golang does not support a security feature that is specified by the RFC is disappointing, to say the least.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.