Problem metricbeat with ssl

arp220 · December 9, 2020, 11:44am

Hi. I enable ssl for elasticsearch, elasticsearch config is :

cluster.name: es-cluster
path.data: /es-data/elasticsearch
path.logs: /var/log/elasticsearch
http.host: 0.0.0.0
network.host: 0
cluster.initial_master_nodes: 127.0.0.1
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"

and I enable elaticsearch-xpack module for metircbeat and config:

- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://Es-ip:9200"]
  username: "user"
  password: "pass"
  ssl.certificateAuthorities: [ "/etc/metricbeat/elasticsearch-ca.pem" ]

But I have this error:

Dec 09 15:07:39 Es metricbeat[5372]: 2020-12-09T15:07:39.020+0330        INFO        module/wrapper.go:259        Error fetching data for metricset elasticsearch.cluster_stats: error determining if connected Elasticsearch node is master: error making http request: Get "https://Es-ip:9200/_nodes/_local/nodes": x509: cannot validate certificate for Es-ip because it doesn't contain any IP SANs
Dec 09 15:07:39 Es metricbeat[5372]: 2020-12-09T15:07:39.021+0330        INFO        module/wrapper.go:259        Error fetching data for metricset elasticsearch.index: error determining if connected Elasticsearch node is master: error making http request: Get "https://Es-ip:9200/_nodes/_local/nodes": x509: cannot validate certificate for Es-ip because it doesn't contain any IP SANs
Dec 09 15:07:39 Es metricbeat[5372]: 2020-12-09T15:07:39.021+0330        INFO        module/wrapper.go:259        Error fetching data for metricset elasticsearch.enrich: error determining if connected Elasticsearch node is master: error making http request: Get "https://Es-ip:9200/_nodes/_local/nodes": x509: cannot validate certificate for Es-ip because it doesn't contain any IP SANs
Dec 09 15:07:39 Es metricbeat[5372]: 2020-12-09T15:07:39.024+0330        INFO        module/wrapper.go:259        Error fetching data for metricset elasticsearch.node_stats: error making http request: Get "https://Es-ip:9200/_nodes/_local/stats": x509: cannot validate certificate for Es-ip because it doesn't contain any IP SANs

Where did I go wrong?
thanks.

mgevans · December 9, 2020, 7:02pm

Hi there - a SAN on a certificate is a Subject Alternate Name. In this case an IP SAN would probably indicate that the cert validation routine was looking to confirm the IP addr of the target of the certificate.

You'll likely need to update your certificate. Check out this article which explains a similar setup issue with someone doing logstash with a locally created certificate.

https://serverfault.com/questions/611120/failed-tls-handshake-does-not-contain-any-ip-sans

system · January 6, 2021, 9:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Connecting metricbeat to elasticsearch using ssl connection Elasticsearch	6	334	October 30, 2023
Error encountered in metric beat installation Elasticsearch	1	94	May 20, 2024
Metricbeat elasticsearch module and SSL configuration Beats metricbeat	2	1665	July 21, 2021
Metricbeat SSL to Elastic Setup Beats metricbeat	2	2087	September 4, 2020
Metricbeat doesn't communicate with Elasticsearch Beats elastic-stack-monitoring , elastic-stack-security , metricbeat	2	1363	December 18, 2020

Problem metricbeat with ssl

Related topics