Logstash Elasticsearch input plugin mTLS

I have question related to mutual TLS authentication in case of using logstash Elasticsearch input plugin. I have Elasticsearch cluster installed and configured to work over tls using mutual authentication.

Now I want to read from this cluster and send it to the output. Let's skip output plugin part for now.

Below applied logstash configuration

input {
    elasticsearch {
        hosts => ["host:port"]
        ssl => true
        user => "myUser"
        password => "myPassword"
        ca_file => "path/to/my/certificate/authority/cert.pem"
        index => "index_name"
    }
}

As far as I understand ca_file used in order to validate certificate that comes from Elasticsearch (server side) as part of TLS handshake.

My questions are:

  1. One way TLS. ssl flag is enabled, ca_file is populated, but is there any configuration based on which I could state that I don't need to verify hostname I am working with?
  2. Mutual TLS case. How I can provide client certificate or keystore to the logstash. So this certificate can be used by elasticsearch cluster (server) in order to authenticate the logstash (client). Is there such an option? Does logstash Elasticsearch input plugin really supports that?

No, the elasticsearch input and filter do not support disabling name-match verification. The elasticsearch output does, but it is a terrible, terrible idea to do so.

As far as I know, the elasticsearch input does not support client certificates.

As far as I know, the elasticsearch input does not support client certificates.

It does not :frowning: which is problematic if cluster requires client authentication.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.