FIlebeat SSL Issue

adwaitjoshi · July 2, 2019, 7:29pm

I am using SSL for Kibana and have the following config values set in the filebeat.yml file

ssl.enabled: true
ssl.certificate: "cert.pem"
ssl.key: "key.pem"
ssl.key_passphrase: "XXXXXXXX"

when I try to run filebeat setup I get the following error

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to load the TLS config: 1 error: tls: failed to parse private key

I am a 100% certain my passphrase is right and the certs are good. Any ideas what may be going on?

Juanma · July 2, 2019, 8:12pm

Hello @adwaitjoshi

Where have you seen these parameters for kibana setup?

I just configured a filebeat 7.2 against kibana and worked just fine with the following configuration:

  setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://hostname:5601"

As you can see at https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html the key parameter is for authentication so unless you have ssl auth it won't be necessary.

In case to add a parameter I would add the CA as in the following link https://www.elastic.co/guide/en/beats/filebeat/current/setup-kibana-endpoint.html

I hope this help.

adwaitjoshi · July 3, 2019, 2:33pm

So yes, we do have authentication on ES and Kibana. I have tried the following configs as well

host: "x.x.x.x:5601"
protocol: "https"
username: "elastic"
password: "XXXXXXXXXX"

and then I get the following error

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://x.x.x.x:5601/s/filebeat/api/status fails: fail to execute the HTTP GET request: Get https://x.x.x.x:5601/s/filebeat/api/status: x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs. Response: .

Juanma · July 3, 2019, 3:03pm

Hello @adwaitjoshi

Seems that you are using and ip on the URI.

In order to make ssl work you have to use the hostname provided in the certificate or change the certificate including the ip in it. You also can disable certificate validation.

I hope this helps

adwaitjoshi · July 3, 2019, 5:34pm

Disabling validation would be the right approach in our case, however there seems to be no such property on filebeat or kibana. Unless i am overlooking something.

Juanma · July 3, 2019, 6:29pm

Hello

Try with setup.kibana.ssl.verification_mode to none, source: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html

adwaitjoshi · July 3, 2019, 6:39pm

WOW I feel like an idiot now I must have looked for it over an hour! That did the trick. Thanks.

system · July 31, 2019, 8:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can FileBeat access Kibana over SSL? Beats filebeat	7	617	December 28, 2020
About filebeat config error Beats	1	321	February 9, 2022
Filebeat certificate issue while setting up Kibana dashboard Beats filebeat	1	333	December 13, 2019
Cert error for intial setup of fileBeat Beats filebeat	4	2747	March 20, 2022
Filebeat could not connect to logstash on SSL Beats filebeat	6	3847	November 30, 2018

FIlebeat SSL Issue

Related Topics