Logstash and filebeat are not working with my private CA system

Sean_Bollin · May 27, 2016, 7:18pm

I've created a root ca, and an intermediate ca. I signed my logstash server cert with the intermediate CA. I know my certificate system is working (as I'm using it on other software's and it's fine).

Problem is - does logstash and filebeat work with an intermediate CA or not? I see conflicting reports.

I've got the ssl set to true, ssl_certificate is a PEM with my server cert -> intermediate cert -> root cert (in that order)

and then filebeat is set up to trust the root cert.

However, it's still not working. When I call logstash with openssl it only presents the Server cert.

andrewkroh · May 27, 2016, 8:50pm

I was able to trust an intermediate CA in Filebeat, but it required using both the root and intermediate CA. See this issue: Clarify intermediate CA usage in Logstash TLS docs · Issue #1494 · elastic/beats · GitHub

After Logstash/JRuby fix their handling of the CA chain, then the server should return the full chain, and Filebeat should no longer need the work-around I described in the issue.

Sean_Bollin · May 27, 2016, 10:08pm

awesome, working now.

i saw your issue on github before, but i thought it was referring to concatenating the certs to the logstash server cert (which is sometimes needed)..

thanks!