Logstash management with self-signed certificate

Hi All,

I have secured my Elasticsearch cluster's (3 nodes) http communication as below:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/cert/elastic-certificates.p12
(The certificates are generated with elasticsearch-certutil. I have copied the same certs to all nodes.)

I have configured my Logstash nodes like below:
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: some_password
xpack.monitoring.elasticsearch.hosts: ["https://xxx.xxx.xxx.210:9200", "https://xxx.xxx.xxx.211:9200", "https://xxx.xxx.xxx.212:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: none
xpack.management.enabled: true
xpack.management.pipeline.id: ["some pipelne1", "some pipelne2"]
xpack.management.elasticsearch.username: elastic
xpack.management.elasticsearch.password: some_password
xpack.management.elasticsearch.hosts: ["https://xxx.xxx.xxx.210:9200", "https://xxx.xxx.xxx.211:9200", "https://xxx.xxx.xxx.212:9200"]
xpack.management.elasticsearch.ssl.verification_mode: none

It is unable to connect to the ES cluster.
Version of ES and Logstash: 7.5.2

Everything worked fine until SSL was introduced.

Please help me avoid this connection issue. Thanks!

Hi @pszemesy,

I am by no means an expert when it comes to the SSL part of Logstash and Elasticsearch but this is what seems to be working for a test setup I have running.

Elasticsearch

xpack.security.enabled: true
xpack.security.http.ssl.client_authentication: optional
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-stack-ca.p12
xpack.security.http.ssl.keystore.type: PKCS12
xpack.security.http.ssl.supported_protocols: TLSv1.2, TLSv1.1
xpack.security.http.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.http.ssl.truststore.type: PKCS12
xpack.security.http.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: optional
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.supported_protocols: TLSv1.2, TLSv1.1
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate 

My Logstash output config is

output {
  elasticsearch {
    hosts => ["10.0.0.14:9200", "10.0.0.34:9200"]
    index => "my_index"
    cacert => "/etc/logstash/ssl/client-ca.cer"
    ssl_certificate_verification => false
    ssl => true
    user => "elastic"
    password => "my_password"
  }
}

I use my own CA to generate self-signed SSL certs. Logstash should only really need the intermediate cert so that it trusts the CA.

That test setup is running version 7.3.0 of Elasticsearch and Logstash.

Reading through my notes I followed this blog post to set it up.

Hi,
My problem is not with the pipeline configs, but with the Management and Monitoring.
Due to the issue with xpack.management, Logstash is not able to retrieve the license information (we have a Gold subscription) and the pipeline configurations from Elasticsearch.

Hi All,
It was a certificate issue.
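
An added example, not code from any poster in this thread or from Elastic: a small audit of a `logstash.yml` that flags each `xpack.*.elasticsearch` client block whose TLS verification is switched off or that names no CA or truststore. The sample input is constructed from the settings in the first post; the function names are hypothetical, and the parser assumes the flat dotted-key form used in that post.

```python
import re

# Constructed sample: the logstash.yml settings from the first post (placeholder hosts).
SAMPLE = """\
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["https://xxx.xxx.xxx.210:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: none
xpack.management.enabled: true
xpack.management.elasticsearch.hosts: ["https://xxx.xxx.xxx.210:9200"]
xpack.management.elasticsearch.ssl.verification_mode: none
"""

# Settings that give the client something to validate the server certificate against.
TRUST_KEYS = ("ssl.certificate_authority", "ssl.truststore.path")


def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is out of scope here."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit(text):
    """Return (setting prefix, finding) pairs for each xpack Elasticsearch client block."""
    settings = parse_flat_yaml(text)
    findings = []
    prefixes = sorted({m.group(1) for k in settings
                       if (m := re.match(r"(xpack\.\w+\.elasticsearch)\.", k))})
    for p in prefixes:
        if "https://" not in settings.get(f"{p}.hosts", ""):
            findings.append((p, "hosts are not https"))
            continue
        if settings.get(f"{p}.ssl.verification_mode", "").lower() == "none":
            findings.append((p, "ssl.verification_mode is none; server certificate is not checked"))
        if not any(f"{p}.{k}" in settings for k in TRUST_KEYS):
            findings.append((p, "no ssl.certificate_authority or ssl.truststore.path set"))
    return findings


if __name__ == "__main__":
    for prefix, finding in audit(SAMPLE):
        print(f"{prefix}: {finding}")
```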
