How to secure Beat communication to Elasticsearch

Hello everyone,

I've got the following setup:
3 Node Cluster
OS: RedHat 8.6
Kibana: 7.17
Elasticsearch: 7.17
Winlogbeat/Filebeat: 7.17

So I've followed the "Secure your Cluster" guides provided:
Minimal:

Basic:

Secure + HTTPs:

It all worked fine and my Cluster is ready to gain some data.

I've looked around a bit - but did not find what I was looking for:

If I want my Filebeat and my Winlogbeat agents to use encrypted channels to send data - the guide tells me to use the following:

output.elasticsearch:
  hosts: ["https://myEShost:9200"]
  ssl.certificate_authorities: 
    - /etc/pki/my_root_ca.pem
    - /etc/pki/my_other_ca.pem
  ssl.certificate: "/etc/pki/client.pem" 
  ssl.key: "/etc/pki/key.pem" 

Do I simply use the elastic-stack-ca.p12 created in one of those guides to create a .pem cert + key via an openssl command? Or am I missing a point here?

Thanks in advance!

You should be able to just use the CA you created for Kibana during the "Secure + HTTPs:" step

/kibana
|_ README.txt
|_ elasticsearch-ca.pem <!--- This One
|_ sample-kibana.yml

It's actually near the bottom of the same page you linked to here

output.elasticsearch:
 hosts: ["<your_elasticsearch_host>:9200"]
 protocol: "https"
 username: "metricbeat_writer"
 password: "<password>"
 ssl:
   certificate_authorities: ["elasticsearch-ca.pem"]
   verification_mode: "certificate"

BTW it changes slightly in 8.x if you do the Auto Security Setup

  username: "elastic"
  password: "password "
  ssl.certificate_authorities: ["path_to_certs/config/certs/http_ca.crt"]  # Generated at setup time.
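
On the question of producing a PEM from elastic-stack-ca.p12: that file holds the CA's private key as well as its certificate, while ssl.certificate_authorities on a Beat only needs the certificate. The script below is an added example, not from the thread or from Elastic's documentation; it builds a throwaway CA with openssl, exports the certificate only, and checks the result. The file names, password and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: file names and password are constructed, not from the thread.
set -eu

# Build a throwaway CA and bundle certificate + private key into a PKCS#12
# file, which is what elastic-stack-ca.p12 contains.
make_constructed_ca_p12() {  # $1 = work dir, $2 = PKCS#12 password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl pkcs12 -export -in "$1/ca.crt" -inkey "$1/ca.key" \
    -out "$1/elastic-stack-ca.p12" -passout "pass:$2"
}

# Export the certificate only; -nokeys keeps the CA private key out of the
# PEM that gets copied to every Beat host.
extract_ca_cert() {  # $1 = p12 file, $2 = password, $3 = output PEM
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" -out "$3" 2>/dev/null
}

# Succeeds if the file contains any PEM private key block.
has_private_key() {
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

demo() {
  work=$(mktemp -d)
  make_constructed_ca_p12 "$work" "constructed-pass" || return 1
  extract_ca_cert "$work/elastic-stack-ca.p12" "constructed-pass" \
    "$work/beats-ca.pem" || return 1
  if has_private_key "$work/beats-ca.pem"; then
    echo "refusing to ship: PEM contains a private key" >&2
    rm -rf "$work"; return 1
  fi
  # The exported PEM must be the same certificate the CA was created with.
  status=0
  [ "$(cert_fingerprint "$work/beats-ca.pem")" = \
    "$(cert_fingerprint "$work/ca.crt")" ] || status=1
  rm -rf "$work"
  return "$status"
}

demo && echo "beats-ca.pem is certificate-only and matches the CA"
```
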
