Http_poller Host name '' does not match the certificate subject provided by the peer


I'm struggling to get the http_poller working with a piece of equipment running a self signed cert. I've created the cert with the following command
openssl s_client -showcerts -connect </dev/null 2>/dev/null|openssl x509 -outform PEM > downloaded_cert.pem; keytool -import -alias test -file downloaded_cert.pem -keystore downloaded_truststore.jks

Logstash generates the following error
"error" => "Host name '' does not match the certificate subject provided by the peer (CN=*, OU=maker, O=\"maker, INC.\", L=somewhere, ST=somewhere, C=US)"

I know very little about certificates but it looks like the error is caused by the device having assigned as its IP but the cert having a wildcard for *

Is there any way to work around this? Changing the cert is not possible. curl -k works fine but it seems such an option is not available for the http_poller.

Can you connect to the device via a domain name that matches? A potential workaround could be to add an entry in your machine's host file pointing to that IP if you don't have a real DNS entry for it.

The http_poller input plugin does not presently have an option to ignore certificate validation.


I did try adding to the hosts file of the device running logstash but that gave me the same error. Maybe I did something wrong, I'll give that another try.

Is the input configured to connect by domain name, or by IP?

Generally, SSL certs contain hostnames, not IPs. Try using the hostname of the device, may not work though. I haven't done much of anything with Java keystores so I don't quite know where this error is at in the process but you probably need to import the self-signed cert into the Java keystore.

This was the part I forgot. Still had the config pointing to the IP instead of the domain. It's all working now :slight_smile:

I really like this plugin, very powerful for my use case.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.