Logstash http_poller input from server with self-signed SSL certificate

Hi All,

I’m new to Elasticsearch and attempting to configure logstash http_poller input plugin to make api calls against a web server for performance data. Currently getting an “http_request_failure.error, handshake_failure”. Any chance of someone providing an example configuration for using http_poller plugin against a webserver with a self-signed certificate.

Thanks

What config do you have now?

my current config is pasted below. thanks

input {
http_poller {
urls => {
test => {
# Supports all options supported by ruby's Manticore HTTP client
method => post
url => "https://lwl/lwl/api?json={"inspector"%3A"4"%2C"basis"%3A"machines"%2C"date"%3A"2%20hours"%2C"limit"%3A"0"}"
verify_cert => true
}
}
request_timeout => 60
interval => 60
codec => "json"
# A hash of request metadata info (timing, response headers, etc.) will be sent here
metadata_target => "http_poller_metadata"
}

}

filter {

}

output {
elasticsearch {
protocol => "http"
}
}

Is the cert on the other end correct?

You can check with openssl s_client -showcerts -connect hostname:9200.

Yes, the self-signed cert is on the remote server I'm attempting to poll data from.

below is the result of the command openssl s_client -showcerts -connect hostname:9200

I generated a certificate for the elasticsearch node using the following commands:
keytool -importcert -keystore c:\temp\labes01.jks -file c:\temp\prolab-ca.cer -alias prolab_ca

keytool -genkey -alias labes01 -keystore c:\temp\labes01.jks -keyalg RSA -keysize 2048 -validity 712 -ext san=dns:labes01.prolab.inc,ip:10.143.0.217

keytool -certreq -alias labes01 -keystore c:\temp\labes01.jks -file c:\temp\labes01.csr -keyalg rsa -ext san=dns:labes01.prolab.inc,ip:10.143.0.217

keytool -importcert -keystore c:\temp\labes01.jks -file C:\temp\labes01-cert.cer -alias labes01

I also followed instruction on this link to enable SSL on the node: https://www.elastic.co/guide/en/shield/current/ssl-tls.html#installing-node-certificates
here is a screenshot of the elasticsearch configuration file where SSL is enabled