Hi,
I have setup an on-prem dev environment with Elasticsearch 8.x and from a client I'm trying to push some data through a Logstash pipeline (version is 8.1.2-1). It seems, however, Logstash wants absolutely that some certs are specified. Basically I'm working on self signed cert on destination and ignoring any cert verification.
My output conf. is
output {
elasticsearch {
hosts => ["https://10.x.x.x:9200"]
# SSL enabled but not verification
ssl => true
cacert => "/usr/share/logstash/jdk/lib/security/cacerts"
ssl_certificate_verification => false
# index => "%{[@metadata][proxy]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
index => "logstash-test"
# see https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/433
user => "elastic"
password => "secret"
}
}
I also uncommented the cacert directive and btw I don't find any other cert in that logstash path.
Ofc I can connect there via curl (with the -k option and specifying a user name and a password).
Relevant messages from tracing are:
[2022-04-20T16:53:31,427][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://10.160.2.101:9200"]}
[2022-04-20T16:53:31,452][DEBUG][logstash.outputs.elasticsearch][main] Normalizing http path {:path=>nil, :normalized=>nil}
[2022-04-20T16:53:31,461][WARN ][logstash.outputs.elasticsearch][main] You have enabled encryption but DISABLED certificate verification, to make sure your data is secure remove `ssl_certificate_verification => false`
...
[2022-04-20T16:53:31,655][ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateException: No certificate data found
...
Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
So it seems I need to setup anyway some certs on the client or server side?
Thanks.