Hey folks,
i have trouble setting up encryption for Beats send to logstash server.
Test Config says "ok", test output on the client gives me:
logstash: 10.1.7.27:5044...
connection...
parse host... OK
dns lookup... OK
addresses: 10.1.7.27
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... ERROR tls: invalid signature by the server certificate: crypto/rsa: verification error
relevant winlogbeat.yml entries:
output.logstash:
hosts: ["1.2.3.4:5044"] #example IP
ssl.certificate_authorities: ["C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/org_ca.crt"]
ssl.certificate: "C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/client_combined.crt"
ssl.key: "C:/ProgramData/Elastic/Beats/winlogbeat/neu20230804/client.key"
Logstash Input Config:
input {
beats {
port => "5044"
ssl => true
ssl_certificate_authorities => ["/usr/share/logstash/certs/logstash_combined.crt"]
ssl_certificate => "/usr/share/logstash/certs/org_ca.crt"
ssl_key => "/usr/share/logstash/certs/logstash.key"
tags => [ "beat-ext" ]
}
}
Logstash is part of a securityonion installation, but that should make no real difference i guess.
Any Ideas what I am missing?