Secure Logstash and Filebeats communication

We are working on an integration where we need to take logs from Filebeat through Logstash. However, Filebeat and Logstash are hosted in different networks. In order to secure the communication, we want to implement SSL. My question: is a self-signed CA certificate sufficient to secure the communication, or is it mandatory to deploy a third-party CA certificate?

Yes, it is.

The example in the documentation uses a self-signed CA to secure communications between the beats and logstash.

Thanks for the quick response. Wish you a Happy Birthday.

I have generated and deployed the self-signed certificate. Now Filebeat and Logstash are communicating and getting the data in Logstash.

Here are my configurations:


    # Logstash pipeline input
    input {
      beats {
        port => 5044
        type => test_data
        ssl => true
        ssl_key => '/etc/logstash/logstash_dev.pkcs8.key'
        ssl_certificate => '/etc/logstash/logstash_dev.crt'
        # force_peer: the client must present a certificate signed by the CA below
        ssl_verify_mode => "force_peer"
        ssl_certificate_authorities => ["/etc/logstash/ca.crt"]
      }
    }

    # Filebeat output (filebeat.yml)
    output.logstash:
      hosts: [""]
      ssl.certificate_authorities: ["C:/Elastic/ca.crt"]
      ssl.certificate: "C:/Elastic/filebeat_local.crt"
      ssl.key: "C:/Elastic/filebeat_local.key"

However, when I try to verify the certificate using the following command:

    openssl s_client -connect localhost:5044

I get a verification error:

    SSL handshake has read 1345 bytes and written 416 bytes
    Verification error: unable to verify the first certificate

openssl s_client -connect localhost:5044 output:

    depth=0 CN = logstash_dev
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = logstash_dev
    verify error:num=21:unable to verify the first certificate
    verify return:1
    139967055057344:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_s3.c:1528:SSL alert number 42
    Certificate chain
     0 s:CN = logstash_dev
       i:CN = Elastic Certificate Tool Autogenerated CA

Can you please help me to resolve this issue? Your help will be highly appreciated.

I'm not sure what the issue is. Are Filebeat and Logstash communicating with each other? If so, then there is no issue.

If I'm not wrong, the openssl error you are getting is expected, as you are using a self-signed CA that is not on the certificates path of your system; you would need to use -CAfile pointing to your CA file, I think.

Thanks for your response.
Is there any way to verify my self-signed certificate? I want to ensure my deployed certificate is working properly and can be moved into production.
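
An offline version of the -CAfile check suggested above, added here as an example and not part of the thread: it builds a constructed throwaway CA and two leaf certificates, then shows that each leaf verifies only when the private CA is supplied and that each key matches its certificate. It assumes OpenSSL 1.1.1 or later with its stock configuration; the function names and the "Example Private CA" subject are hypothetical.

```shell
#!/bin/sh
# Added example. The PKI below is constructed throwaway data, not the poster's files.
WORK=$(mktemp -d)

# Build a private CA plus two leaf certificates named like the ones in the thread.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null || return 1
  for leaf in logstash_dev filebeat_local; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$leaf" \
      -keyout "$WORK/$leaf.key" -out "$WORK/$leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$WORK/$leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
      -CAcreateserial -days 1 -out "$WORK/$leaf.crt" 2>/dev/null || return 1
  done
}

# chain_ok CERT [CAFILE]: with CAFILE, trust that CA; without it, only the system
# trust store is consulted, which is the situation that produces verify error 20.
chain_ok() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# key_matches CERT KEY: the private key must belong to the certificate.
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

make_pki
for name in logstash_dev filebeat_local; do
  chain_ok "$WORK/$name.crt" "$WORK/ca.crt" && echo "$name: chain OK with -CAfile"
  chain_ok "$WORK/$name.crt" || echo "$name: not trusted by the system store alone"
  key_matches "$WORK/$name.crt" "$WORK/$name.key" && echo "$name: key matches certificate"
done

# Live handshake against the listener. force_peer makes Logstash require a client
# certificate, so supply one signed by the same CA (client.crt and client.key are
# placeholders for such a pair available on the host running the command):
#   openssl s_client -connect localhost:5044 -CAfile /etc/logstash/ca.crt \
#     -cert client.crt -key client.key </dev/null
```

On a real deployment, run the same `chain_ok` and `key_matches` checks against the deployed certificate, key and ca.crt files before the live handshake.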
