Logstash https plugin not working

Hi Team,

I am unable to send data with logstash plugin https, someone please help me.
I can send data with http without security successfully, but when try to enable ssl, it is failing,

please find the below command syntax and configuration and advise

curl -v -H 'content-type: application/json' --cacert /path/to/cert.pem -XPUT 'https://logstashnode:XXXX/_bulk' -d @/path/to/test.json

  • About to connect() to logstashnode port XXXX (#0)
  • Trying XX.XX.XX.XX ... connected
  • Connected to logstashnode (XX.XX.XX.XX) port XXXX (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /path/to/cert/abc.pem
    CApath: none
  • NSS error -5961
  • Closing connection #0
  • SSL connect error
    curl: (35) SSL connect error

Below is my plugin configuration:

input {
       http {
             port => XXXX
             user => XXXXX
             password => "XXXXXX"
             codec => json
             ssl => true
             keystore => "/path/XXXXXXXX.jks" 
             keystore_password => "XXXXX"
       }
}
`````````````````````

-5961L is "TCP connection reset by peer". It is unclear why the http input would do that.

If I use http without ssl, it is working fine.
but it is failing only if i use https with ssl. Please advise

Does logstash log anything when it drops the connection?

No messages found in logstash log file.

I have removed user section and updated like below, but still it is not working.
working only when i disable ssl.

input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}

Can you try replacing keystore/keystore_password with ssl_certificate (.crt format) and ssl_key (PKCS8 format)?

I found the below error in logstash and not able to start it.

[ERROR][logstash.inputs.http ] Unknown setting 'ssl_certificate' for http
[ERROR][logstash.inputs.http ] Unknown setting 'ssl_key' for http

But the below configuration is working for filebeat.

input {
        beats {
                port=> XXXX
                ssl => true
                ssl_certificate => "/path/to/xxx.crt"
                ssl_key => "/path/to.xxx.pkcs8"
        }
}

Which version of logstash are you using?

Can you confirm the keystore includes the private key and not just the certificate?

Yes please confirm the logstash version and looking at the documentation here
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html

You should be replacing beats with http.

Issue got resolved after fixing the jks file passwd,
I am using logstash 5.6 Version and below is the config that worked,

Thanks Badger & Sreekanth for your help !!

input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.