Hi Fabien,
I have tried '/dev/null' and an empty file. What happens is the beats input passes these paths to the SSL library. When a client then attempts to communicate to the beats input, the SSL library then forces the use of client side certs, and then fails when no certificate is provided (by the client). Having a look at https://github.com/logstash-plugins/logstash-input-beats/blob/master/src/main/java/org/logstash/netty/SslSimpleBuilder.java, it appears by setting anything in the CA list, requireClientAuth() will return true, then because verify mode defaults to FORCE_PEER, SSL connections fail, even if the user has specified NONE as the verify mode in the beats configuration.
I've put in a pull-request (https://github.com/logstash-plugins/logstash-input-beats/pull/182) to have the beats input fixed. Still waiting on a response for that.
I have also created this in an attempt to have the Java SSL code fixed up. Apparent bug in logstash-input-beats in SslSimpleBuilder.java. If someone from the appropriate team is happy, I'll create another issue for that.
Cheers,
Nick