Logstash and filebeat are not working with my private CA system


(Sean Bollin) #1

I've created a root CA and an intermediate CA. I signed my Logstash server cert with the intermediate CA. I know my certificate system is working (as I'm using it with other software and it's fine).

Problem is - do Logstash and Filebeat work with an intermediate CA or not? I see conflicting reports.

I've got ssl set to true, and ssl_certificate is a PEM with my server cert -> intermediate cert -> root cert (in that order),

and then Filebeat is set up to trust the root cert.

However, it's still not working. When I call Logstash with openssl it only presents the server cert.


(Andrew Kroh) #2

I was able to trust an intermediate CA in Filebeat, but it required using both the root and intermediate CA. See this issue: https://github.com/elastic/beats/issues/1494

After Logstash/JRuby fix their handling of the CA chain, then the server should return the full chain, and Filebeat should no longer need the work-around I described in the issue.
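An added example, not part of the thread and not Beats or Logstash code: Filebeat is a Go program, so this sketch uses Go's `crypto/x509` to verify one leaf three ways: server sends the leaf only, the workaround of trusting root plus intermediate, and a server that sends the full chain. The throwaway Ed25519 PKI, the certificate names and the `issue`/`scenarios` helpers are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a throwaway (constructed) certificate; a nil parent yields a self-signed root.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), KeyUsage: usage,
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der) // also fails if creation returned no DER
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// scenarios verifies one leaf the three ways discussed in the thread.
func scenarios() (leafOnly, workaround, fullChain error) {
	root, rootKey := issue("Constructed Root CA", x509.KeyUsageCertSign, nil, nil)
	inter, interKey := issue("Constructed Intermediate CA", x509.KeyUsageCertSign, root, rootKey)
	leaf, _ := issue("logstash.example.test", x509.KeyUsageDigitalSignature, inter, interKey)
	trust, sent := x509.NewCertPool(), x509.NewCertPool()
	trust.AddCert(root)
	sent.AddCert(inter)
	_, leafOnly = leaf.Verify(x509.VerifyOptions{Roots: trust}) // server sends leaf only
	_, fullChain = leaf.Verify(x509.VerifyOptions{Roots: trust, Intermediates: sent})
	trust.AddCert(inter) // workaround: client trusts root and intermediate
	_, workaround = leaf.Verify(x509.VerifyOptions{Roots: trust})
	return
}

func main() {
	fmt.Println(scenarios())
}
```

The first result is an unknown-authority error because the client has no way to link the leaf to the root; the other two are nil.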


(Sean Bollin) #3

Awesome, working now.

I saw your issue on GitHub before, but I thought it was referring to concatenating the certs to the Logstash server cert (which is sometimes needed).

Thanks!

