Hi All,
Appreciate any help in configuring SSL connection from Filebeat to logstash on ECK.
Openshift 4.8.x
ECK 2.1.0
ELKF stack 8.1.0
I am using to certs from Elasticsearch-es-http-certs-internal. Created pkcs8.key using the tls.key in Elasticsearch-es-http-certs-internal
oc extract secret/elasticsearch-es-http-certs-internal
openssl pkcs8 -inform PEM -in tls.key -topk8 -nocrypt -outform PEM -out pkcs8/tls.key
oc create secret generic apps-pks-certs --from-file=tls.key=pkcs8/tls.key
logstash.conf
logstash.conf: |
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/usr/share/logstash/certs/ca.crt"]
ssl_certificate => "/usr/share/logstash/certs/tls.crt"
ssl_key => "/usr/share/logstash/pkcs8/tls.key"
ssl_verify_mode => "peer"
}
}
Filebeat.yaml
output.logstash:
hosts: ['logstash.elastic-elk.svc:5044']
ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
ssl.certificate: "/etc/filebeat/certs/tls.crt"
ssl.key: "/etc/filebeat/pkcs8/tls.key"
Logstash error when receviving logs from filebeat
[INFO ] 2022-04-25 16:07:52.146 [defaultEventExecutorGroup-4-1] BeatsHandler - [local: 0.0.0.0:5044, remote: 10.131.8.1:49578] Handling exception: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate (caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate)