I can ship logs without SSL enabled fine. And I've confirmed that the connections are reaching the Logstash machine with SSL configured, just not actually able to establish a functioning connection. I can also create an openssl client connection from the beats machine to the logstash machine on port 5044 and the SSL certs and connection all checkout fine.
I have Logstash, Elasticsearch and Kibana all communicating via ssl connections just fine, but Filebeats just won't cooperate. My current filebeats config is:
Are you sure the host setting in the Beats input in Logstash is what you want? Try removing that, perhaps it's not binding to the correct interface with the value you provided.
ssl_certficate_authorities is set because I was following the config instructions provided by elastic, and trying anything and everything to make the logstash -> beat connection function.
I have tested the ssl cert via openssl as stated in my original post:
This cert is also used to connect with elasticsearch and is working.
This is a shot in the dark, but does ca-bundle.crt contain multiple certs? Have you tried splitting them into individual files and providing each file in the certificate_authorities list in Filebeat?
Also, does Filebeat work if you disable certificate verification using verification_mode: none?
Hm, that's funny. Which format is your ca-bundle.crt? If I remember correctly, the PEM-reader in stdlib will iterate and add all certificates to the CA-Certificate-Set (being a set, even order should not matter).
X.509v3 PEM format. It's the CA bundle that we use for everything that validates SSL, which is why it didn't even occur to me it might be the issue. Never had a problem before.
hm, that's weird. I'd treat this as a bug. Can you open an issue with github including a fake-certificate bundle for testing ? Or shell commands to produce a fake certificate bundle matching your bundle in structure.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.