Heartbeat Config advice


(François Meulenberg) #1

Hi,

I’m trying to configure a heartbeat http monitor to monitor a https URL protected by a client certificate. But it seems that I cannot get it working in a proper way.

I’ve tried several configs, listed below:

Config 1:
heartbeat.monitors:
- type: http
  urls: ["https://URL.url"]
  schedule: '@every 10s'
  ssl:
    certificate_authorities: ['ca.crt']
    certificate: ['cert.crt']
    key: ['key.key']

With this config I can start the service, but the http monitor fails with:
ERROR beater/manager.go:155 failed to load monitor tasks: can not convert 'object' into 'string' accessing 'ssl.certificate' (source:'C:\Program Files\Heartbeat\heartbeat.yml') when initializing monitor http(0)

Config 2:
heartbeat.monitors:
- type: http
  urls: ["https://URL.url"]
  schedule: '@every 10s'
  ssl:
    certificate_authorities: “ca.crt”
    certificate: “cert.crt”
    key: “'key.key”

This results in a complete failure of the service. (refuses to start)

Config 3: (Only using the CA as authenticator)
heartbeat.monitors:
- type: http
  urls: ["https://url.url"]
  schedule: '@every 10s'
  ssl:
    certificate_authorities: ['CA.crt']

This results in a start of the service and the http monitor functions.
But I’m getting a response: “x509: certificate signed by unknown authority”

Can somebody point out what I’m doing wrong?

Many thanks in advance!


(Andrew Cholakian) #2

Thanks for the report. I've created an issue to track this: https://github.com/elastic/beats/issues/8979.

I'll post updates there.


(Andrew Cholakian) #3

@Francois I added a test case for this, which we needed in #8984, but it wound up showing that client auth works.

For case 2, can you provide any error logs showing what specifically did not work?


(RAMKUMAR GOPAL) #4

I have a similar issue when I monitor an HTTPS URL; HTTP works fine.


(Andrew Cholakian) #5

Hmmmm, can you validate that this client cert works? Have you tried testing it with cURL for instance?


(RAMKUMAR GOPAL) #6

Tried disabling SSL verification (ssl.verification_mode: none) and it worked.
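
The settings discussed in this thread, as an added example that is not part of any post above and is not Elastic's own sample config. It reuses the file names from post #1 and assumes ca.crt is the CA that issued the server's certificate.

```yaml
heartbeat.monitors:
- type: http
  urls: ["https://URL.url"]
  schedule: '@every 10s'
  ssl:
    # A list: every CA the monitor should trust when verifying the SERVER's
    # certificate. "x509: certificate signed by unknown authority" means the
    # server's chain does not end in any CA listed here.
    certificate_authorities: ['ca.crt']
    # Single strings, not lists. A list here produces the error from Config 1:
    # "can not convert 'object' into 'string' accessing 'ssl.certificate'".
    certificate: 'cert.crt'   # client certificate presented to the server
    key: 'key.key'            # private key belonging to cert.crt
    # Leave verification at its default (full). The workaround from post #6,
    #   verification_mode: none
    # makes the monitor accept any server certificate, so a check can report
    # "up" while talking to an endpoint that is not the real service.
    verification_mode: full
```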

