We are working on an integration where we need to take logs from Filebeat through Logstash. However, Filebeat and Logstash are hosted in different networks. In order to secure the communication, we want to implement SSL. My question: is a self-signed CA certificate sufficient to secure the communication, or is it mandatory to deploy a third-party CA certificate?
Yes, it is.
The example in the documentation uses a self-signed CA to secure communications between the beats and logstash.
Thanks for the quick response. Wish you a Happy Birthday.
I have generated and deployed the self-signed certificate. Now Filebeat and Logstash are communicating and the data is arriving in Logstash.
Here are my configurations:
Logstash =>
    input {
      beats {
        port => 5044
        type => test_data
        ssl => true
        ssl_key => '/etc/logstash/logstash_dev.pkcs8.key'
        ssl_certificate => '/etc/logstash/logstash_dev.crt'
        ssl_verify_mode => "force_peer"
        ssl_certificate_authorities => ["/etc/logstash/ca.crt"]
      }
    }
Filebeat =>
    output.logstash:
      hosts: ["x.x.x.xxx:5044"]
      ssl.certificate_authorities: ["C:/Elastic/ca.crt"]
      ssl.certificate: "C:/Elastic/filebeat_local.crt"
      ssl.key: "C:/Elastic/filebeat_local.key"
However, when I try to verify the certificate using the following command:
    openssl s_client -connect localhost:5044
I get a verification error:
    SSL handshake has read 1345 bytes and written 416 bytes
    Verification error: unable to verify the first certificate
Full output of `openssl s_client -connect localhost:5044`:
    CONNECTED(00000005)
    depth=0 CN = logstash_dev
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = logstash_dev
    verify error:num=21:unable to verify the first certificate
    verify return:1
    139967055057344:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_s3.c:1528:SSL alert number 42
    Certificate chain
     0 s:CN = logstash_dev
       i:CN = Elastic Certificate Tool Autogenerated CA
Can you please help me to resolve this issue? Your help will be highly appreciated.
I'm not sure what the issue is. Are Filebeat and Logstash communicating with each other? If so, then there is no issue.
If I'm not wrong, the openssl error you are getting is expected, as you are using a self-signed CA that is not in the certificate path of your system; you would need to use the -CAfile option pointing to your CA file, I think.
Thanks for your response.
Is there any way to verify my self-signed certificate? I want to ensure my deployed certificate is working properly and can be moved into production.
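As an added example (not from this thread, Elastic, or the Logstash/Filebeat projects), the script below rehearses the two checks that answer this question: an offline chain check with `openssl verify -CAfile`, and the mutual-TLS handshake that Filebeat performs, run with `-CAfile` plus the client certificate and key so that `s_client` reports `Verify return code: 0 (ok)`. It builds a throwaway CA and certificates named after the ones in the configs above, and uses a local `openssl s_server -Verify` as a stand-in for the `force_peer` beats input; the `make_demo_pki`, `verify_chain`, `handshake_ok` and `demo` names, `DEMO_PORT` and `SKIP_DEMO` are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: rebuild the Filebeat -> Logstash mutual-TLS
# setup with a throwaway CA so the openssl checks can be rehearsed locally before
# being pointed at the real Logstash host. All paths and names are constructed.
set -eu

# make_demo_pki DIR: self-signed CA plus a server cert (CN=logstash_dev) and a
# client cert (CN=filebeat_local), both issued by that CA.
make_demo_pki() {
  d=$1; mkdir -p "$d"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo CA' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for n in logstash_dev filebeat_local; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 2 -out "$d/$n.crt" 2>/dev/null
  done
}

# verify_chain CA CERT: offline check that CERT chains to CA. With the wrong CA
# this is the "unable to get local issuer certificate" failure from the thread.
verify_chain() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# handshake_ok CA CLIENT_CRT CLIENT_KEY HOST:PORT: the handshake Filebeat does,
# i.e. s_client WITH -CAfile and the client cert/key; succeeds only when
# s_client reports "Verify return code: 0 (ok)".
handshake_ok() {
  out=$(printf '' | openssl s_client -connect "$4" -CAfile "$1" \
          -cert "$2" -key "$3" 2>/dev/null) || true
  printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'
}

# demo DIR: stand-in for the Logstash beats input; -Verify 1 behaves like
# ssl_verify_mode => "force_peer" (a client without a CA-signed cert is refused).
demo() {
  d=$1; port=${DEMO_PORT:-15044}
  openssl s_server -accept "$port" -cert "$d/logstash_dev.crt" \
    -key "$d/logstash_dev.key" -CAfile "$d/ca.crt" -Verify 1 -www >/dev/null 2>&1 &
  srv=$!; sleep 2; rc=0
  handshake_ok "$d/ca.crt" "$d/filebeat_local.crt" "$d/filebeat_local.key" \
    "127.0.0.1:$port" || rc=$?
  kill "$srv" 2>/dev/null || true
  return "$rc"
}

# Rehearsal run; against the real deployment call verify_chain and handshake_ok
# with the paths from the Logstash/Filebeat configs and the real host:5044.
if [ -z "${SKIP_DEMO:-}" ]; then
  w=$(mktemp -d); make_demo_pki "$w"; demo "$w" && echo "mutual TLS handshake verified"
fi
```

Running `openssl s_client` without `-CAfile`, as in the thread, still prints verify error 20/21 even when the deployment is correct, so the `handshake_ok` form is the one to use as a production readiness check.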