Logstash.licensechecker.licensereader error when enable SSL between logstash and elasticsearch

rambo · October 8, 2019, 9:33am

Hi

I enabled SSL, but logstash met below error:

[2019-10-08T17:21:54,292][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
[2019-10-08T17:21:55,728][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@192.168.0.178:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@192.168.0.178:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}

elasticsearch log:

[2019-10-08T17:39:32,351][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [master-node] http client did not trust this server's certificate, closing connection [id: 0x937b59d2, L:0.0.0.0/0.0.0.0:9200 ! R:/192.168.0.179:45462]

I used below command to generate certificate:

bin/elasticsearch-certutil cert ca --pem --out certs/certs.zip

Then generated below files:

ca.crt , instance.crt, instance.key

elasticsearch.yml:

xpack.ssl.key: /etc/elasticsearch/certs/instance.key
xpack.ssl.certificate: /etc/elasticsearch/certs/instance.crt
xpack.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt

logstash.yml:

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: *****
xpack.monitoring.elasticsearch.hosts: ["https://192.168.0.178:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/etc/logstash/ca.crt"
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
xpack.monitoring.elasticsearch.sniffing: true
http.host: "192.168.0.179"

log.conf:

input {
file {
path => "/var/log/messages"
}
}
output {
elasticsearch {
hosts => ["https://192.168.0.178:9200"]
index => "system-syslog-%{+YYYY.MM}"
user => "elastic"
password => "*****"
ssl => true
cacert => "/etc/logstash/ca.crt"
}
}

logstash and elasticsearch version : 6.7.0

rambo · October 11, 2019, 8:36am

solution: https://www.elastic.co/blog/how-to-setup-tls-for-elasticsearch-kibana-logstash-filebeat-with-offline-install-in-linux

system · November 8, 2019, 8:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.