Multiple ssl certificates in logstash-forwarder

(Vidit Maniyar) #1

The basic/example config shipped with logstash-forwarder states the following for listing multiple downstream servers:

#A list of downstream servers listening for our messages.
#logstash-forwarder will pick one at random and only switch if
#the selected one appears to be dead or unresponsive
"servers": [ "localhost:5043" ],

Now going further in the next section of the config:


The path to your trusted ssl CA file. This is used

# to authenticate your downstream server.
#"ssl ca": "./logstash-forwarder.crt",


So the list of servers is an array and there is provision to add only one certificate file path in the form of string- Now my case is that I have more than one certificates (issues per public IP of my logstash boxes since I don't have a DNS for them). Is there a work around for this?

One that that I think might work is using a wildcard "*" while generating a certificate but would like to get some opinions on that - how good/bad it is?

(Mike Simos) #2

It should be fine to use a wildcard cert assuming you always connect with * You may want to read over this conversation to get a better feel for what works and what doesn't.

(system) #3