openssl pkcs8 -in logstash.key -topk8 -nocrypt -out logstash.pkcs8.key and mounted it in Logstash' continer
Then I specified logstash.crt as a certificate_authorities in Filebeat conf file.
And it turns out, that Filebeat can't connect to Logstash. I know I should use elastic' util for certification generation but I don't see how can I specify SAN option there. From Logstash' logs: file does not contain valid private key: /logstash.key. My question is what wrong with the key?
The problem is that I've used elastic' certutil to create CA and a certificate. And according to elastic's guide, it's the way to generate ca, crt and key files. Also, to create a pkcs8 key. And I can't find how to add SAN to the certificate with the certutil. Without IP SAN my certs don't work. What I can do?
So, I managed to solve my issue by using IP instead of DNS in instances.yml file when generating ca, crt and key files with elasticsearch-certutil. Also, being in container, Logstash doesn't automatically rereads pipeline file if you change it.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.