Logstash TCP SSL Certificate Error

Elastic Stack Logstash
1

I am trying to setup TCP SSL input, below is my configuration:

input {
tcp {
port => 9000
host => "0.0.0.0"
mode => "server"
ssl_enable => true
ssl_verify => false
ssl_extra_chain_certs => "/etc/ssl/cacert.crt"
ssl_cert => "/etc/ssl/logstashus.crt"
ssl_key => "/etc/ssl/logstashus.key"
type => "syslog"
tags => "syslog.imq.input"
}
}

Below is the process which I have followed to create certificates on Ubuntu:

openssl req -new -x509 -sha256 -extensions v3_ca -keyout /etc/ssl/private/cakey.pem -out /etc/ssl/certs/cacert.pem -days 3650

openssl x509 -outform der -in /etc/ssl/certs/cacert.pem -out /etc/ssl/cacert.crt

openssl genrsa -out /etc/ssl/logstashus.key 2048

openssl req -new -key /etc/ssl/logstashus.key -out /etc/ssl/logstashus.csr -sha256

sudo openssl ca -in /etc/ssl/logstashus.csr -config /etc/ssl/openssl.cnf

copied output

2

Sorry for incomplete message.

My certificates are: I am trying to setup TCP SSL input, below is my configuration:

input {
tcp {
port => 9000
host => "0.0.0.0"
mode => "server"
ssl_enable => true
ssl_verify => false
ssl_extra_chain_certs => "/etc/ssl/cacert.crt"
ssl_cert => "/etc/ssl/logstashus.crt"
ssl_key => "/etc/ssl/logstashus.key"
type => "syslog"
tags => "syslog.imq.input"
}
}

Below is the process which I have followed to create certificates on Ubuntu:

openssl req -new -x509 -sha256 -extensions v3_ca -keyout /etc/ssl/private/cakey.pem -out /etc/ssl/certs/cacert.pem -days 3650

openssl x509 -outform der -in /etc/ssl/certs/cacert.pem -out /etc/ssl/cacert.crt

openssl genrsa -out /etc/ssl/logstashus.key 2048

openssl req -new -key /etc/ssl/logstashus.key -out /etc/ssl/logstashus.csr -sha256

sudo openssl ca -in /etc/ssl/logstashus.csr -config /etc/ssl/openssl.cnf

copied output of: -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- into /etc/ssl/logstashus.crt file

Now I am getting below error message:

{:timestamp=>"2016-08-24T14:07:27.761000+0000", :message=>"Could not inititalize SSL context", :exception=>#<OpenSSL::X509::CertificateError: No message available>, :backtrace=>["org/jruby/ext/openssl/X509Cert.java:204:in initialize'", "org/jruby/ext/openssl/X509Cert.java:181:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.6/lib/logstash/inputs/tcp.rb:213:in ssl_context'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.6/lib/logstash/inputs/tcp.rb:250:innew_server_socket'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-3.0.6/lib/logstash/inputs/tcp.rb:79:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:330:instart_inputs'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:329:instart_inputs'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:180:in start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/pipeline.rb:136:inrun'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.4-java/lib/logstash/agent.rb:473:in `start_pipeline'"], :level=>:error}

I am clueless as I have tried all possible configuration changes. My certificates are sha256WithRSAEncryption.

Please guide me.

3

I would appreciate if any expert could comment on this?

Regards,

Jay