Logstash optional client cert authentication/validation


(Archit Baweja) #1

Hey folks,

I'm trying to set up filebeat/metricbeat client authentication in logstash. I followed the article at https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html

I currently have a fleet of filebeats deployed with no client certs. So I chose the option ssl_verify_mode => "peer", so that my existing filebeat/metricbeat fleet can still connect and send logs while I test out my client cert configuration in a test filebeat. However, my existing filebeats/metricbeats are unable to connect. I see the following error in my logstash logs:

{
  "level": "INFO",
  "loggerName": "org.logstash.beats.BeatsHandler",
  "timeMillis": 1520035579443,
  "thread": "defaultEventExecutorGroup-5-8",
  "logEvent": {
    "message": "[local: 0.0.0.0:5044, remote: 10.0.0.65:27085] Handling exception: javax.net.ssl.SSLHandshakeException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE"
  }
}

Am I misunderstanding the difference between the force_peer vs. peer option for ssl_verify_mode?

UPDATE: I'm using logstash-6.1.2 and filebeat-6.1.2.
UPDATE 2: I have OpenSSL 1.0.2k-fips on Amazon Linux.

When testing the connection with openssl s_client from my filebeat node, I get the following message: "Verify return code; 0 (ok)".

Thanks in advance,
Archit
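For reference on the two verify modes the question is about, below is an added example of a Logstash beats input showing the documented semantics of ssl_verify_mode. This is illustrative configuration written for this page, not the poster's config; the certificate and key paths are placeholders, and the port matches the one in the log line above.

```conf
input {
  beats {
    port => 5044
    ssl => true
    # Placeholder paths: the server certificate/key Logstash presents to beats
    ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
    ssl_key => "/etc/pki/tls/private/logstash.key"
    # Placeholder path: CA(s) that client certificates must chain to
    ssl_certificate_authorities => ["/etc/pki/tls/certs/ca.crt"]

    # "peer": Logstash asks for a client certificate. If the beat presents one,
    # it must validate against the CAs above; a beat that presents none is
    # still allowed to connect. This is the mode for a mixed fleet.
    ssl_verify_mode => "peer"

    # "force_peer": a valid client certificate is mandatory. Beats that present
    # no certificate fail the TLS handshake, which is the behaviour the
    # PEER_DID_NOT_RETURN_A_CERTIFICATE error describes.
    # ssl_verify_mode => "force_peer"

    # "none": no client certificate is requested or checked at all.
    # ssl_verify_mode => "none"
  }
}
```

Two checks worth making when a "peer" configuration still rejects certificate-less clients: confirm that the pipeline file actually loaded by the running Logstash process contains the setting you expect (a second pipeline file or an older copy listening on the same port is a common cause), and remember that the "Verify return code: 0 (ok)" line from openssl s_client reports the client's validation of the server's certificate, not whether the server accepted the client, so it does not by itself distinguish "peer" from "force_peer".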


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.