I have filebeat working on a production server successfully and am now putting on a second production server using the exact same process. I copied over the same Logstash crt file and added it to the filebeat.yml file.
I am getting the below error when using it and not sure how to fix.
curl -v --cacert /etc/pki/tls/certs/logstash-forwarder.crt https://10.0.0.xxx:xxxx
- Connected to 10.0.0.xxx (10.0.0.xxx) port 5044 (#0)
- found 1 certificates in /etc/pki/tls/certs/logstash-forwarder.crt
- found 694 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
- server certificate verification failed. CAfile: /etc/pki/tls/certs/logstash-forwarder.crt CRLfile: none
- Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/pki/tls/certs/logstash-forwarder.crt CRLfile: none
-- from the first prod server that works fine.
Also here is part of the second server's log file
2017-04-06T19:28:52Z ERR Connecting error publishing events (retrying): read tcp 10.0.0.19:54658->10.0.0.212:5044: read: connection reset by peer
I assume I can use the same logstash crt file for all production filebeat services.
thanks for any assistence,