As far as I can see, I've set up Metricbeat to correctly validate/use SSL, but it still gives the following warning when running 'metricbeat test output':
server's certificate chain verification is disabled
My configuration for metricbeat looks like this:
# Reload module configs as they change:
- type: docker
- module: docker
- add_cloud_metadata: ~
supported_protocols: ["TLSv1.2", "TLSv1.3"]
The connection is fully working, as I can see no error from the logs of metricbeat itself and I can also see metrics showing up in Elasticsearch. I've looked through all possible SSL options to configure, but none of them seem to cover this.
Does anyone have any idea here?
A bit of help here would be appreciated. I wonder if the warning is correct at all to be honest.
Could you try to connect to the Elasticsearch instance using
What's behind the var
ELASTICSEARCH_HOSTS? Is it an IP address or DNS name?
Hello Marcin, thanks for replying!
The contents of
openssl s_client -CAfile ./config/certificates/ca.crt -showcerts -connect 01-elasticsearch-dev.internal:9200 I get the following:
depth=1 C = NL, O = Forion, CN = dev Forion CA
depth=0 C = NL, O = Forion, CN = 01-elasticsearch-dev.internal
<full certificate chain including CA + server certificate>
issuer=/C=NL/O=Forion/CN=dev Forion CA
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 6544 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
No ALPN negotiated
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Start Time: 1636453514
Timeout : 300 (sec)
Verify return code: 0 (ok)
All looks good as far as I can see.
@mtojek or anyone else, any idea?
I have exactly the same warning from all beat types when testning the connection to Logstash. The warning started when upgrading the beats to version 7.15.0 using TLS version 1.2.
This is pretty annoying since we have service providers to deploy our beats packages on the host. We deliver the packages with Chocotey or apt.
Any help would be appreiciated.
Anyone up for the challenge?
Hi, try setting verification_mode to strict, it should remove the warning. Configure SSL | Metricbeat Reference [7.16] | Elastic
Wow, thanks @Mattias_Brunnert . That indeed solved the issue. Man, I really thought 'full' is the maximum security setting you could select. But apparently 'strict' is more 'full'
Glad to get it resolved
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.