How to configure SSL for logstash-input-tcp when running on windows?


(Tonni Hult) #1

Hi

I need help in getting the ssl configuration correct. We are running ELK on windows servers and are now sending the logs from nxlog to logstash over tcp, port 5000. Now we are switching over to ssl but I can't seem to get the configuration right.

For testing purpose I've created a self-signed certificate which I've converted from a .pfx to .cer and .key files. I've also opened up the certificate and removed the bits before ----BEING as instructed in https://gist.github.com/ericharth/8334664

We are running Logstash version 2.4.1 and my configuration is as below

tcp {
	port => 443
	codec => json
	ssl_enable => true
	ssl_cert => "<path_to_crt>"
	ssl_key => "<path_to_key>"
	ssl_key_passphrase => "<passphrase>"
	ssl_verify => false
	tags => "ssl_transfer"
}

For the path for example in ssl_cert I've tried using "F:\cert.cer", "/f/cert.cer", "F:/cert.cer", "F:\cert.cer" but I can not get logstash to start up correctly. The errors I mainly get are these

{:timestamp=>"2017-05-10T14:33:37.837000+0200", :message=>"Could not inititalize SSL context", :exception=>#<OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:>, :backtrace=>["org/jruby/ext/openssl/PKeyRSA.java:285:in initialize'", "C:/monitoring/logstash-2.4.1/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.6/lib/logstash/inputs/tcp.rb:214:inssl_context'",

{:timestamp=>"2017-05-10T14:48:48.399000+0200", :message=>"Invalid setting for tcp input plugin:\n\n input {\n tcp {\n # This setting must be a path\n # File does not exist or cannot be opened /F/certificates/funwithflagscertificate.crt\n ssl_cert => "/F/cert.crt"\n ...\n }\n }", :level=>:error}

Greatful for any help
Tonni


(Tonni Hult) #2

I got it working by using the tip "Convert the .pfx file using OpenSSL" from this site https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-an-apache-server.html Regarding the path it worked fine with for example this

ssl_cert => "c:\cert\certificate.cert"


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.