Logstash to Elasticsearch SSL connection issue

I have set up an on-prem dev environment with Elasticsearch 8.x, and from a client I'm trying to push some data through a Logstash pipeline (version is 8.1.2-1). It seems, however, that Logstash absolutely wants some certs to be specified. Basically I'm working with a self-signed cert on the destination and ignoring any cert verification.

My output conf is:

output {
  elasticsearch {
    hosts => ["https://10.x.x.x:9200"]
    # SSL enabled but not verification
    ssl => true
    cacert => "/usr/share/logstash/jdk/lib/security/cacerts"
    ssl_certificate_verification => false
    # index => "%{[@metadata][proxy]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    index => "logstash-test"
    # see https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/433
    user => "elastic"
    password => "secret"
  }
}

I also uncommented the cacert directive, and btw I don't find any other cert in that Logstash path.
Ofc I can connect there via curl (with the -k option and specifying a user name and a password).

Relevant messages from tracing are:

[2022-04-20T16:53:31,427][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[""]}
[2022-04-20T16:53:31,452][DEBUG][logstash.outputs.elasticsearch][main] Normalizing http path {:path=>nil, :normalized=>nil}
[2022-04-20T16:53:31,461][WARN ][logstash.outputs.elasticsearch][main] You have enabled encryption but DISABLED certificate verification, to make sure your data is secure remove `ssl_certificate_verification => false`


[2022-04-20T16:53:31,655][ERROR][logstash.javapipeline    ][main] Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateException: No certificate data found


Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}

So it seems I need to set up some certs anyway on the client or server side?


The cacert line had to be put in only in a previous version, due to a bug. After removing it, it was not working, probably due to an unclean Logstash configuration reload, so it was reading the previous configuration.
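
A preflight check for the failure in this thread, as an added example that is not part of the original posts or of Logstash: the plugin's `cacert` option expects a PEM (.pem/.cer) certificate file, while the JDK's `cacerts` is a Java keystore, which is consistent with `No certificate data found`. The function names, the `read_file` callback and the sample bytes are assumptions constructed for illustration.

```python
import re

JKS_MAGIC = bytes.fromhex("feedfeed")  # header of a Java JKS keystore
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
SETTING = re.compile(r'^[ \t]*(\w+)[ \t]*=>[ \t]*"?([^"\n]*?)"?[ \t]*$', re.M)

# Constructed sample: the TLS-related lines of the output block in the question.
SAMPLE_CONF = '''
    ssl => true
    cacert => "/usr/share/logstash/jdk/lib/security/cacerts"
    ssl_certificate_verification => false
    # index => "commented-out settings are ignored"
'''


def classify_trust_file(data: bytes) -> str:
    """Classify the bytes of a file referenced by `cacert`."""
    if not data:
        return "empty"
    if PEM_CERT.search(data):
        return "pem"
    if data.startswith(JKS_MAGIC):
        return "jks-keystore"
    if data[0] == 0x30:  # ASN.1 SEQUENCE: DER certificate or PKCS#12 keystore
        return "der-or-pkcs12"
    return "unknown"


def audit_output(conf: str, read_file) -> list[str]:
    """Return findings for the TLS settings of an elasticsearch output block."""
    # Drop comment lines so commented-out settings are not reported.
    active = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    settings = dict(SETTING.findall(active))
    findings = []
    if settings.get("ssl_certificate_verification") == "false":
        findings.append("verification disabled: server identity is not checked")
    path = settings.get("cacert")
    if path is not None:
        kind = classify_trust_file(read_file(path))
        if kind != "pem":
            findings.append(f"cacert {path} is {kind}, not a PEM certificate")
    return findings


if __name__ == "__main__":
    # Constructed stand-in for the keystore bytes, so the demo runs offline.
    for finding in audit_output(SAMPLE_CONF, lambda _p: JKS_MAGIC + b"\x00\x00\x00\x02"):
        print(finding)
```

To check a real pipeline file, pass `lambda p: open(p, "rb").read()` as `read_file`.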
