Hello there!
I am trying to set up Logstash input TCP plugin with TLS enabled to receive logs from rsyslog using rsyslog-gnutls; and encountered one problem related to SSL handshake.
I tried with gnutls and openssl with the same result...
Can anyone help me with the troubleshooting?
The CA certificate is part of the trust store, by putting it in /etc/pki/ca-trust/source/anchors/ and execute update-ca-trust.
OS is CentOS 7.3.1611.
[root@siemlr01 ~]# yum info logstash
Installed Packages
Name : logstash
Arch : noarch
Epoch : 1
Version : 5.1.1
Release : 1
Size : 166 M
Repo : installed
From repo : elastic-5.x
Summary : An extensible logging pipeline
URL : http://www.elasticsearch.org/overview/logstash/
License : ASL 2.0
Description : An extensible logging pipeline
Plugin version: logstash-input-tcp-4.1.0
Logstash input tcp configuration (tested with and without adding CA pem as ssl_extra_chain_certs; and with full chain or just the cert as ssl_cert -- same final result):
[root@siemlr01 ~]# cat /etc/logstash/conf.d/input-tcp.conf
input {
tcp {
port => 1443
mode => "server"
ssl_enable => true
#ssl_cert => "/etc/tls/chain.pem"
ssl_cert => "/etc/tls/XX.pem"
ssl_extra_chain_certs => "/etc/tls/XXCA.pem"
ssl_key => "/etc/tls/XX.key"
ssl_key_passphrase => "XX"
ssl_verify => true
add_field => {
"type" => "ssl"
"logsourcetype" => "linux"
}
}
}
[root@siemlr01 ~]#