Keystore need help

security

(quejinho) #1

My English is quite bad. I need a bit of help with creating the secure connection with keystore from my logstash -> transport -> shield. Without doing anything with a CA, how is it possible? Can someone guide me with it?


(Jay Modi) #2

Hi,

We don't recommend using self-signed certificates because it means that in order to add a new node, you will need to perform a full cluster restart. This will not allow you to scale in production and can actually require you to perform more steps than using a CA.

You can generate your own CA and perform the steps in the documentation. I'd first start with getting SSL set up for elasticsearch with Shield and then the steps for logstash should be generating the certificate, signing it with the same CA, and ensuring that the CA's certificate is trusted by logstash. Elasticsearch with Shield should trust the signed certificate.

Jay


(quejinho) #4

Thx, will try again. Thought that x509 would be enough. Hope to have good news tomorrow.


(Jay Modi) #5

Which documentation did you follow?

The missing piece to me is the CA configuration; your openssl commands look like they don't specify the config and you also need to use openssl ca instead of openssl x509 when signing the CSR. Take a look at https://www.elastic.co/guide/en/shield/current/certificate-authority.html
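
The CA-based flow described in the reply above, as an added example that is not part of the original post or the linked documentation: a throwaway CA with its own config file signs a node CSR with `openssl ca`, and the result is checked against the CA certificate. The directory layout, subject names, lifetimes and function names are assumptions.

```shell
#!/bin/sh
# Added example: a throwaway private CA that signs a node CSR with `openssl ca`.
# Directory layout, subject names and lifetimes are assumptions for illustration.
# -nodes leaves private keys unencrypted, which is acceptable for a demo only.

make_ca() {                       # $1 = CA directory (created if missing)
    d=$1
    mkdir -p "$d/certs" "$d/private" && chmod 700 "$d/private"
    : > "$d/index.txt"            # database of issued certificates
    echo 01 > "$d/serial"         # next serial number, hex
    cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
new_certs_dir = $d/certs
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/private/ca.key
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_node ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth,clientAuth
EOF
    # Self-signed root: this is the certificate every node and Logstash must trust.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$d/ca.cnf" -extensions v3_ca -subj "/CN=Example Test CA" \
        -keyout "$d/private/ca.key" -out "$d/ca.crt"
}

issue_node_cert() {               # $1 = CA directory, $2 = node name (used as CN)
    d=$1; n=$2
    # Key + CSR for the node, then sign the CSR with the CA (not `openssl x509`).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=$n" -keyout "$d/$n.key" -out "$d/$n.csr" &&
    openssl ca -batch -notext -config "$d/ca.cnf" -extensions v3_node \
        -in "$d/$n.csr" -out "$d/$n.crt"
}

trusted_by_ca() {                 # $1 = CA directory, $2 = certificate to check
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}
```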


(quejinho) #7

After a couple of times, it started to work. Thank you very much for your help.


(Jay Modi) #8

Glad to hear you got it working. Please do let us know if you have any issues or more questions.

