Hello all,
First off - Thanks for LogStash
I am looking for help in solving the error (see title) from my /var/log/logstash/logstash-plain.log
log (when debug enabled)
I have an SSL cert from LetsEncrypt and have the following config:
input {
tcp {
....
ssl_enable => true
ssl_cert => "/certs/cert.pem"
ssl_key => "/certs/privkey.pem"
ssl_extra_chain_certs => [ "/certs/fullchain.pem" ]
ssl_verify => false
}
}
I have done a fair amount of googling and found a few issues from the older github repos, but nothing seems to help.
I think the problem is found with openssl - see last line of the following terminal snippet
$ openssl s_client -connect logstash.autoenrolment.co.uk:6514
CONNECTED(00000003)
depth=0 CN = logstash.autoenrolment.co.uk
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = logstash.autoenrolment.co.uk
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=logstash.autoenrolment.co.uk
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAyaiusxo79akgXO2YycMPQkOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAxMTMxMTIxMDBaFw0x
NzA0MTMxMTIxMDBaMCcxJTAjBgNVBAMTHGxvZ3N0YXNoLmF1dG9lbnJvbG1lbnQu
Y28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZLQIuPbMSKSej
1fJjoRNdCsYdR2eEVamAZzYYMnoW0/cOkesWs0hBOSRikuvDfXRfNDIoVk+vYQnd
Jb0RdoYpdSKqQqKh8ZgeJ9zl3p3IrZpDHbykTgcKuIqBZqGSzlzfaDqV5e0npCKC
ffDR5TVrNvXJnE3FKfDf31FHt1R15SV7ghjo/8Dgn+h+KtlsU5NuATXJKbzGKFYm
+IvKPJr+NqENdxY89bkSqnI06b6OCxA4pH5tfzPvGVbEpY7Rbwr2QAPZEh2hBD29
q4cM+9rhWSO+am8XJniOHp51rIywkf9NT83D19HtE3pT6lwotw6yWqw1lSW9VXsU
QTLV418FAgMBAAGjggIdMIICGTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCh7iYm/
NXXEyB5PPzFHGuqDGKI0MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh
MHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14
My5sZXRzZW5jcnlwdC5vcmcvMCcGA1UdEQQgMB6CHGxvZ3N0YXNoLmF1dG9lbnJv
bG1lbnQuY28udWswgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8T
AQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCB
qwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJl
bGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRh
bmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczov
L2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA
h48aZAfB5eDRAGIO2OmYuJUP9wloyk+2CIKb8eB1YWZma1mfWzBOyDa+nrnrunaq
2pE1GPIaIB988fzUoWsJcbn09PqQPH9TmAd5luIgwHK35my9NW17uQH9J78XZDJV
lHfIR7ZxSO39CLlGvCrL6M/u1YvCu5xpoAskwq2jCrAsxqDCadfeXu+J/gOSIdfs
2a5x/hu1Q3JFOnfSD2jjLk2/+ROFWJb8D7nQxO6i7X7b3ZR3hN9GFk+eE2MGqquy
0VT5Is3I4ZXKVKFULJFZbVlLesm3BzM1i35qC30IyANGQ6anIvUP1AEcz6w08o4I
H9ID6zIMuNLI1NlFDgdfcg==
-----END CERTIFICATE-----
subject=/CN=logstash.autoenrolment.co.uk
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1836 bytes and written 473 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA256
Session-ID: 5878C76446C94D51C018A8780D91EC897F78C470E2CF8ECDA80DC28838256702
Session-ID-ctx:
Master-Key: CAABC3F88FF12584FAFF3BCB92091A9A007D9C4B8AE8A5BE931E1A880AD5C996D4149E285F785F7A6A0BA05A26A54385
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1484310372
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
I wondered if anyone here would be kind enough to offer any little bit of advise that might help me resolve my issue