How should I configure TLS?

Hamada · December 15, 2023, 8:00am

I don't know how to set up a certificate to connect Winlogbeat to Elasticsearch via https.

What should I do to create a PEM file from the CA (http.p12) created at initial startup?

I don't understand what is required in the following steps.

===
Connect clients to Elasticsearchedit
When you start Elasticsearch for the first time, TLS is configured automatically for the HTTP layer. A CA certificate is generated and stored on disk at:

/etc/elasticsearch/certs/http_ca.crt
The hex-encoded SHA-256 fingerprint of this certificate is also output to the terminal. Any clients that connect to Elasticsearch, such as the Elasticsearch Clients, Beats, standalone Elastic Agents, and Logstash must validate that they trust the certificate that Elasticsearch uses for HTTPS. Fleet Server and Fleet-managed Elastic Agents are automatically configured to trust the CA certificate. Other clients can establish trust by using either the fingerprint of the CA certificate or the CA certificate itself.

If the auto-configuration process already completed, you can still obtain the fingerprint of the security certificate. You can also copy the CA certificate to your machine and configure your client to use it.

===

stephenb · December 17, 2023, 7:27pm

Follow these instructions:

Either

a) Copy /etc/elasticsearch/certs/http_ca.crt to each winlogbeat host and then reference that copy in this setting (and yes that http_ca.crt is a .pem

output.elasticsearch.ssl.certificate_authorities: ["/etc/client/http_ca.crt"]

b) Generate the SHA-256 fingerprint with the instructions that you referenced above and set that with

openssl x509 -fingerprint -sha256 -noout -in /etc/elasticsearch/certs/http_ca.crt | awk --field-separator="=" '{print $2}' | sed 's/://g'

output.elasticsearch.ssl.ca_trusted_fingerprint: "thereallylongfingerprintfromthecommandabove

c) Not recommended set

output.elasticsearch.ssl.verification_mode: none

Hamada · December 19, 2023, 7:02am

Thanks to you, this problem was solved

stephenb · December 19, 2023, 7:14am

Hi @Hamada
What was your solution... It may help others.

system · January 16, 2024, 9:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to configure Filebeat and Logstash 8.1 with TLS Logstash elastic-stack-security	3	898	May 8, 2022
Filebeat to Logstash TLS Logstash elastic-stack-security	1	253	June 20, 2020
How to connect beats to elasticsearch, when elasticsearch using ssl/tls Beats filebeat , winlogbeat , auditbeat	20	1946	June 3, 2021
Beats stopped working after enabled TLS/SSL on Elasticsearch and Kibana Beats packetbeat , winlogbeat , auditbeat	7	675	October 20, 2020
How to secure Beat communication to Elasticsearch Beats filebeat , winlogbeat	2	325	July 6, 2022

How should I configure TLS?

Related topics