Filebeat Setup Fails with Wildcard Certificate

Greetings. I found a bug in Beats. I went to open a bug issue on GitHub, but the prompts directed me here to confirm that it was a bug first.

Steps to reproduce:

  1. Vanilla CentOS 7
  2. Download and install filebeat-6.8.0-x86_64.rpm
  3. Edit "/etc/filebeat/filebeat.yml" to include the host, username, and password of the remote Elasticsearch cluster with HTTPS enabled on a wildcard certificate.
  4. Run "filebeat -e setup".

This results in the following error:

2019-08-05T12:16:20.409-0400    ERROR   elasticsearch/elasticsearch.go:252      Error connecting to Elasticsearch at https://es-1-dev.company.com:9200: Get https://es-1-dev.company.com:9200: x509: certificate is valid for es-*.company.com, not es-1-dev.company.com

Did whoever programmed this forget about wildcard certificates? Please let me know next steps.

Partial wildcards are not supported because Go does not support them.


Wow, that seems pretty crazy. Thanks for the info, Andrew.

Try a full wildcard cert. That should work fine.
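
As an added illustration of the two replies above (not code from the thread or from Beats): a small Go pre-flight check that classifies a certificate's DNS SANs by how Go's crypto/x509 name matching treats them, then runs the same VerifyHostname check a Go client performs. `classifySAN` and `preflight` are hypothetical helper names, and `*.company.com` is a constructed SAN used for comparison.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

// classifySAN reports how Go's crypto/x509 hostname check treats a DNS SAN:
// "exact", "full-wildcard" (a lone "*" as the leftmost label), or
// "unsupported-wildcard" (any other "*", which Go compares only literally).
func classifySAN(san string) string {
	if !strings.Contains(san, "*") {
		return "exact"
	}
	first, rest, _ := strings.Cut(san, ".")
	if first == "*" && !strings.Contains(rest, "*") {
		return "full-wildcard"
	}
	return "unsupported-wildcard"
}

// preflight returns, per hostname, whether a Go client's hostname check
// accepts a certificate carrying exactly these DNS SANs.
func preflight(sans, hosts []string) map[string]bool {
	// Assumption: only name matching is tested; a bare Certificate with
	// DNSNames set is enough for VerifyHostname, chain validation is skipped.
	cert := &x509.Certificate{DNSNames: sans}
	ok := make(map[string]bool, len(hosts))
	for _, h := range hosts {
		ok[h] = cert.VerifyHostname(h) == nil
	}
	return ok
}

func main() {
	host := "es-1-dev.company.com" // hostname from the error message above
	// "*.company.com" is a constructed SAN for comparison.
	for _, san := range []string{"es-*.company.com", "*.company.com"} {
		fmt.Printf("%-20s %-22s accepts %s: %v\n", san, classifySAN(san),
			host, preflight([]string{san}, []string{host})[host])
	}
}
```

Running a check like this against the SAN list of a certificate before rollout shows which names Go-based clients such as Filebeat will reject.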

Many companies do not allow full wildcard certificates for security purposes - if an attacker gains access to such a certificate, the results would be devastating. The fact that Golang does not support a security feature that is specified by the RFC is disappointing, to say the least.
