Hi guys,
I cannot see my logstash node in Kibana because it cannot connect to elasticsearch due to bad certificate:
[2020-01-21T08:26:01,246][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@elastic01.node.com:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate"}
[2020-01-21T08:26:01,314][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
[2020-01-21T08:26:05,378][WARN ][logstash.outputs.elasticsearch][logstash-filebeat] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash_internal:xxxxxx@elastic01.node.com:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash_internal:xxxxxx@elastic01.node.com:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}
my elasticsearch.yml:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /certs/elastic01.key
xpack.security.transport.ssl.certificate: /certs/elastic01.crt
xpack.security.transport.ssl.certificate_authorities: [ "/certs/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.client_authentication: required
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /certs/elastic01.key
xpack.security.http.ssl.certificate: /certs/elastic01.crt
xpack.security.http.ssl.certificate_authorities: [ "/certs/ca.crt" ]
logstash.yml:
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["elastic01.node.com:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: /certs/ca/ca.crt
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
I assume, because I have set xpack.security.http.ssl.client_authentication: required
I must provide logstash key and logstash cert in the logstash.yml. Am I assuming right?
But I am not able to find a documentation how to provide this information (key/crt) in logstash.yml.
Do you have any suggestions how I can solve the problem?
PS: I have created all certificates and ca in accordance to this guide: https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash