Logstash Filebeat incorrect SSL key

Hi. I can't establish an SSL connection between Logstash (containerized) and Filebeat. I'm using a self-signed certificate.

Actions I performed:

openssl req -newkey rsa:4096 -nodes -keyout logstash.key -subj "/CN=(hostname IP)" -out logstash.csr;

openssl x509 -req -extfile <(printf "subjectAltName=IP:(hostname IP)") -sha256 -days 3650 -in logstash.csr -signkey logstash.key -out logstash.crt

openssl pkcs8 -in logstash.key -topk8 -nocrypt -out logstash.pkcs8.key

and mounted it in Logstash's container.

Then I specified logstash.crt as certificate_authorities in the Filebeat conf file.

And it turns out that Filebeat can't connect to Logstash. I know I should use Elastic's util for certificate generation, but I don't see how I can specify the SAN option there. From Logstash's logs: file does not contain valid private key: /logstash.key. My question is: what is wrong with the key?

Hi @Devopsio,

this blog post helped me out when I was setting up SSL between Filebeat and Logstash

The Filebeat output config and Logstash input config would help a lot to be able to give you more specific advice :wink:

The problem is that I've used Elastic's certutil to create a CA and a certificate. And according to Elastic's guide, that's the way to generate the ca, crt and key files, and also to create a pkcs8 key. And I can't find how to add a SAN to the certificate with certutil. Without an IP SAN my certs don't work. What can I do?

So, I managed to solve my issue by using IP instead of DNS in the instances.yml file when generating the ca, crt and key files with elasticsearch-certutil. Also, being in a container, Logstash doesn't automatically reread the pipeline file if you change it.
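
A pre-flight check for the three conditions this thread runs into (key in unencrypted PKCS#8 PEM, key matching the certificate, IP address present in the certificate's SAN), added here as an example and not part of any post above. Function names, file names and the address are placeholders; the SAN check assumes an IPv4 address.

```shell
#!/bin/sh
# Pre-flight checks for a certificate/key pair before mounting it in Logstash.
# Function names, file names and the address are placeholders for this example.

# Classify a PEM private key by its header (tolerates CRLF and leading text).
key_format() {
    hdr=$(tr -d '\r' < "$1" | grep -e '-----BEGIN .*PRIVATE KEY-----' | head -n 1)
    case "$hdr" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1 ;;
        *)                                       echo unknown ;;
    esac
}

# Succeeds only if the certificate lists the exact IPv4 address in subjectAltName.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "IP Address:$2"
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run all three checks, report each failure, return non-zero if any failed.
check_pair() {
    rc=0
    fmt=$(key_format "$1")
    [ "$fmt" = pkcs8 ] || { echo "key format is $fmt, expected unencrypted PKCS#8"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; rc=1; }
    cert_has_ip_san "$2" "$3" || { echo "certificate has no IP SAN for $3"; rc=1; }
    return "$rc"
}

# Usage: sh check.sh <key.pem> <cert.pem> <ip>
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

Run it against the exact paths mounted into the container, since the Logstash error names the file it actually tried to read.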
