Monitor HTTPS(SSL) url's

Elastic Stack Beats
1

Hi,

I am trying to monitor the ssl urls and for some reason I seem to have issues getting it to work.

heartbeat.monitors:
- type: http
  ##Sample rest api
  urls: ["http://localhost:8725/api/XXX/YYY"]
  check.request.method: POST
  check.request.headers:
    content-type: 'application/json'
    accept-encoding: 'gzip,deflate'
  check.request.body: '<json message>' 
 ssl:
    certificate_authorities: ["C:/certs/issuing_CA1.cer"]
    certificate: "C:/certs/cert1.cer"
  schedule: '@every 10s

I am seeing the following error in logs
2017-04-12T11:04:12-04:00 CRIT Failed reading CA certificate:
2017-04-12T11:04:12-04:00 ERR failed to load monitor tasks: 1 error: file is not a certificate adding C:/certs/issuing_CA1.cer when initializing monitor http(0)

Any help is appreciated.

Thank you.

2
  • spacing of ssl section looks a little off. just copy'n paste error?
  • urls should be https, if you want to connect using HTTPS
  • what you need certificate setting for? Does endpoint require client authentication?
  • Which file format is your certificate in? Error messages says file is not a certificate.
3

Hi Steffen,

Sorry my mistake here is the proper config

- type: http
#  ##Sample
  urls: ["https://server:8725/api/XXX/YYY"]
  check.request.method: POST
  check.request.headers:
    content-type: 'application/json'
    accept-encoding: 'gzip,deflate'
  check.request.body:  '<json message>'
  ssl:
    certificate_authorities: ["C:/certs/issuing_CA1.cer"]
  schedule: '@every 10s'

The certificate is in .cer format. I am able to examine this certificate.

4

.cer is just a file name ending. Beats do require PEM formatted files. I think .cer files can be either PEM (text-based) or DER (binary-based).

Google did find me this. Maybe you want to give it a try.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.