Generate SSL Certs for Filebeat->Logstash

Sundaramoorthy_Anand · July 17, 2019, 9:13am

I need to establish an SSL connection b/w my logstash and filebeat.

To generate Cert I reffered ESCertUtil

But it is confusing..

To create CA (as zip), I did bin/elasticsearch-certutil ca --pem
then I unzipped it using unzip as ca.crt and ca.key .. It have not asked for any password.

soon after, to generate server cert and key , I did bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

It promted me for CA password and I entered it. It spits out the following error:

Exception in thread "main" java.nio.file.NoSuchFileException: elastic-stack-ca.p12
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
        at java.nio.file.Files.newByteChannel(Files.java:361)
        at java.nio.file.Files.newByteChannel(Files.java:407)
        at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
        at java.nio.file.Files.newInputStream(Files.java:152)
        at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyStore(CertParsingUtils.java:68)
        at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readPkcs12KeyPairs(CertParsingUtils.java:127)
        at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$loadPkcs12CA$1(CertificateTool.java:341)
        at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:931)
        at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:85)
        at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.loadPkcs12CA(CertificateTool.java:340)
        at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.getCAInfo(CertificateTool.java:328)
        at org.elasticsearch.xpack.security.cli.CertificateTool$GenerateCertificateCommand.execute(CertificateTool.java:684)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.Command.main(Command.java:90)
        at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)
[root@hc4t05745 elasticsearch-6.4.2]# bin/elasticsearch-certutil cert --ca
Simplifies certificate creation for use with the Elastic Stack

For me the process is pretty confusing, can anyone explain me the clear steps with example and not with any elastic links ( I have searched many but confused, thats why) .. Thanks in advance !

system · August 14, 2019, 9:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating Certificate using Certutil Logstash elastic-stack-security	3	1155	June 27, 2020
How to generate certs for Filebeats with elasticsearch-certutil? Elasticsearch elastic-stack-security	3	804	August 14, 2020
How to configure Filebeat and Logstash 8.1 with TLS Logstash elastic-stack-security	3	897	May 8, 2022
Filebeat encrypted communication to Logstash Beats	3	369	July 31, 2020
SSL between Filebeat and Logstash using .p12 Logstash	8	5253	May 9, 2018

Generate SSL Certs for Filebeat->Logstash

Related Topics