Java Key Store and SSL not working for HTTP plugin


(Maria Delarosa) #1

This is my first time working with Java Key Store and I am having a bit of difficulty. I have ServerA sending logs to ServerB. I am able to establish an unsecure http communication that traffics the logs. However, when incorporating JKS to establish a secure communication using https nothing seems to be received by ServerB. How can two servers communicate securely using JKS?

Below is how I am currently setting all of this up:

Creating a keystore in ServerA:

In ServerA generate Self-Signed Certificate in Keystore

keytool -genkey \
        -alias jkstest \
        -keyalg RSA \
        -validity 365 \
        -keystore /apps/logstash/jkstest.jks
		-keysize 2048

In ServerA extract certificate

keytool -export \
		-rfc -alias jkstest \
		-keystore /apps/logstash/jkstest.jks \
		-file /apps/logstash/jkstest.crt 
		-storepass somepass 

From ServerA copy key store to ServerB

scp /apps/logstash/jkstest.jks username@serverb.com:/apps/logstash/jkstest.jks

I am using logstash to send logs from ServerA to ServerB. It is a pretty straight forward application to download and install. The crucial/imporant part is in the configuration where the JKS is used:

ServerA config.conf

input {
        file {
                path => "/var/log/apache2/error.log"
				start_position => beginning
        }
}
output {
        stdout { codec => rubydebug { metadata => true } }
        http {
                http_method => "post"
                codec => "json_lines"
                url => "https://serverb.com:5000/"
                ssl_certificate_validation => true
                cacert => "/apps/logstash/jkstest.crt"
        }
}

ServerB config.conf

input {
  http {
        port => 5000
        codec => json
        ssl => true
        keystore => "/apps/logstash/jkstest.jks"
        keystore_password => "hardt0gu355"
  }
}
output {
        stdout { codec => rubydebug { metadata => true } }
}

To start sending and receiving logs:

ServerA start logstash

bin/logstash agent -f config.conf -l logstash.log

ServerB start logstash

bin/logstash agent -f config.conf -l logstash.log

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.