FIlebeat SSL Issue

I am using SSL for Kibana and have the following config values set in the filebeat.yml file

ssl.enabled: true
ssl.certificate: "cert.pem"
ssl.key: "key.pem"
ssl.key_passphrase: "XXXXXXXX"

when I try to run filebeat setup I get the following error

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to load the TLS config: 1 error: tls: failed to parse private key

I am a 100% certain my passphrase is right and the certs are good. Any ideas what may be going on?

Hello @adwaitjoshi

Where have you seen these parameters for kibana setup?

I just configured a filebeat 7.2 against kibana and worked just fine with the following configuration:

  setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://hostname:5601"

As you can see at https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html the key parameter is for authentication so unless you have ssl auth it won't be necessary.

In case to add a parameter I would add the CA as in the following link https://www.elastic.co/guide/en/beats/filebeat/current/setup-kibana-endpoint.html

I hope this help. :slight_smile:

So yes, we do have authentication on ES and Kibana. I have tried the following configs as well

host: "x.x.x.x:5601"
protocol: "https"
username: "elastic"
password: "XXXXXXXXXX"

and then I get the following error

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://x.x.x.x:5601/s/filebeat/api/status fails: fail to execute the HTTP GET request: Get https://x.x.x.x:5601/s/filebeat/api/status: x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs. Response: .

Hello @adwaitjoshi

Seems that you are using and ip on the URI.

In order to make ssl work you have to use the hostname provided in the certificate or change the certificate including the ip in it. You also can disable certificate validation.

I hope this helps :slight_smile:

Disabling validation would be the right approach in our case, however there seems to be no such property on filebeat or kibana. Unless i am overlooking something.

Hello

Try with setup.kibana.ssl.verification_mode to none, source: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html

WOW I feel like an idiot now I must have looked for it over an hour! That did the trick. Thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.