Getting a Filebeat server certificate verification fail

I have filebeat working on a production server successfully and am now putting on a second production server using the exact same process. I copied over the same Logstash crt file and added it to the filebeat.yml file.

I am getting the error below when using it and am not sure how to fix it.

    curl -v --cacert /etc/pki/tls/certs/logstash-forwarder.crt https://10.0.0.xxx:xxxx

    * Connected to 10.0.0.xxx (10.0.0.xxx) port 5044 (#0)
    * found 1 certificates in /etc/pki/tls/certs/logstash-forwarder.crt
    * found 694 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
    * server certificate verification failed. CAfile: /etc/pki/tls/certs/logstash-forwarder.crt CRLfile: none
    * Closing connection 0
    curl: (60) server certificate verification failed. CAfile: /etc/pki/tls/certs/logstash-forwarder.crt CRLfile: none

-- from the first prod server that works fine.

Also here is part of the second server's log file

2017-04-06T19:28:52Z ERR Connecting error publishing events (retrying): read tcp 10.0.0.19:54658->10.0.0.212:5044: read: connection reset by peer


I assume I can use the same logstash crt file for all production filebeat services.

Thanks for any assistance,
Bill

Can you share your Filebeat output settings? Have you configured your certificate to be validated by hostname or IP? Are you using IP on both Filebeat instances? Can you try with the openssl client (it might have some more details)?

I realized that I copied over an old crt file to my 2nd prod box. Took me a while to figure that out until I echoed out the crt contents on prod2 and compared to the crt file on my ELK server. Then I realized I had an old one. Sorry and thanks.
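The manual comparison that resolved this thread can be scripted. The following is an added example, not part of the original posts: it fingerprints the certificate file on the Filebeat host and checks it against the certificate the Logstash port actually presents. It assumes a self-signed Logstash certificate (so the trusted file should contain the presented certificate itself); the function names and result strings are hypothetical.

```python
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM file or bundle.

    Hashing the decoded DER bytes means line endings and trailing
    whitespace picked up while copying the file do not change the result.
    """
    return [
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_text)
    ]


def compare(local_pem, presented_pem):
    """Classify the local trust file against the server's leaf certificate."""
    local = pem_fingerprints(local_pem)
    presented = pem_fingerprints(presented_pem)
    if not local:
        return "no-local-cert"
    if not presented:
        return "no-presented-cert"
    # Assumption: self-signed setup, so the leaf must appear in the local file.
    return "match" if presented[0] in local else "stale-or-wrong-file"


def check_endpoint(ca_path, host, port):
    """Fetch the presented certificate (without validating it) and compare."""
    with open(ca_path) as fh:
        local_pem = fh.read()
    presented_pem = ssl.get_server_certificate((host, port))
    return compare(local_pem, presented_pem)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_cert.py CA_FILE HOST PORT")
    print(check_endpoint(sys.argv[1], sys.argv[2], int(sys.argv[3])))
```

If the Logstash certificate is issued by a separate CA instead of being self-signed, a mismatch here is expected and the chain has to be verified instead.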
