Filebeat to Logstash TLS

Hi,

I'm trying to set TLS communication between filebeat and logstash. I can see the documentation here https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html but this is in case of crt and key. But I have a .pem

How should my config be changed?

Here is the logstash.conf

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/kibana/elasticsearch-ca.pem"]
    
    #ssl_certificate => "/etc/server.crt"
    #ssl_key => "/etc/server.key"
    #cacert => '/home/amdin1/Desktop/elasticsearch-ca.pem'
    ssl_verify_mode => "force_peer"
  }
}

output {
  if [@metadata][pipeline] {
    elasticsearch {
     hosts => "https://192.168.2.220:9200"
     manage_template => false
     index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
     pipeline => "%{[@metadata][pipeline]}"
     user => "elastic"
     password => "@bc123"
     ssl => true
     cacert => '/etc/kibana/elasticsearch-ca.pem'
    }
  } else {
    elasticsearch {
      hosts => "https://192.168.2.220:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "@bc123"
      ssl => true
      cacert => '/etc/kibana/elasticsearch-ca.pem'
    }
  }
}

Here is the logstash optput part in filebeat.yml (note that elasticsearch-ca.pem is copied from server to ubuntu client desktop)

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.2.220:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/home/amdin/Desktop/elasticsearch-ca.pem"]
  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

Note: I already have the following:

  • elastic-stack-ca.p12
  • elastic-certificates.p12
  • http.p12
  • kibana-server.p12
  • elasticsearch-ca.pem

Any help please?

Regards,