Logstash / Beats Encryption Error

Hey folks,

I have trouble setting up encryption for Beats sending to a Logstash server.

Test Config says "ok", test output on the client gives me:
logstash: 10.1.7.27:5044...
connection...
parse host... OK
dns lookup... OK
addresses: 10.1.7.27
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... ERROR tls: invalid signature by the server certificate: crypto/rsa: verification error

Relevant winlogbeat.yml entries:

output.logstash:
  hosts: ["1.2.3.4:5044"] #example IP
  ssl.certificate_authorities: ["C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/org_ca.crt"]
  ssl.certificate: "C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/client_combined.crt"
  ssl.key: "C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/client.key"

Logstash Input Config:

    input {
      beats {
        port => "5044"
        ssl => true
        ssl_certificate_authorities => ["/usr/share/logstash/certs/logstash_combined.crt"]
        ssl_certificate => "/usr/share/logstash/certs/org_ca.crt"
        ssl_key => "/usr/share/logstash/certs/logstash.key"
        tags => [ "beat-ext" ]
      }
    }

Logstash is part of a Security Onion installation, but that should make no real difference, I guess.

Any ideas what I am missing?
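
Added example, not part of the original post: Go's crypto/tls (the TLS stack Beats uses) reports "invalid signature by the server certificate" when the server's handshake signature does not verify under the public key of the certificate it presented, and in the Logstash input above `ssl_certificate` names `org_ca.crt` while `ssl_key` names `logstash.key`. The sketch below runs the key/certificate pair check and the chain check offline. The certificates are constructed in memory, and `issue` and `Check` are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed RSA test certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Check: the key must belong to the presented certificate, which must chain to the trusted CA.
func Check(cert *x509.Certificate, key *rsa.PrivateKey, ca *x509.Certificate) error {
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return fmt.Errorf("certificate/key pair: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

func main() {
	ca, caKey := issue("constructed org CA", nil, nil)
	srv, srvKey := issue("constructed logstash", ca, caKey)
	fmt.Println("server cert + server key:", Check(srv, srvKey, ca))
	fmt.Println("CA cert + server key:", Check(ca, srvKey, ca))
}
```

For PEM files on disk, `tls.LoadX509KeyPair(certFile, keyFile)` performs the same pair check as the `tls.X509KeyPair` call used here.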
