I'm trying to set up multiple logstash servers and came across a possible bug/feature; I wanted the community's input on this.
I'm setting up two logstash servers for redundancy (let's say they are using IP addresses 192.168.0.100 and 192.168.0.200). I created an SSL certificate like this:
# openssl x509 -in /etc/ssl/certs/logstash-forwarder.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: XXXXXXXXXXXXXX (0xXXXXXXXXXXXXXXXXXXXXXX)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=XX, L=Default City, O=Default Company Ltd
        Validity
            Not Before: Mar 2 12:41:19 2015 GMT
            Not After : Feb 27 12:41:19 2025 GMT
        Subject: C=XX, L=Default City, O=Default Company Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ..
            X509v3 Authority Key Identifier:
                keyid:..
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Alternative Name:
                IP Address:192.168.0.100
    Signature Algorithm: sha1WithRSAEncryption
Both servers were configured by chance with the same certificate, and I quickly found out that logstash-forwarder was happily accepting the certificate no matter what server it was connecting to (LF is set up with both LS servers' IPs) instead of complaining about the wrong Subject Alternative Name. I even changed logstash-forwarder to use a DNS name and it just keeps humming along.
Can someone explain if this behaviour is expected and the same certificate can be used on multiple servers, or if this is a (known?) bug?
I'm using LF 1.3.1 and LS 1.5.5.
Thanks a lot.
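
For reference, an added example that is not part of the original post and is not logstash-forwarder's own code: it runs the Go standard library's hostname check (`x509.Certificate.VerifyHostname`) against a certificate whose only SAN is `IP Address:192.168.0.100`, for each address a forwarder would dial. The certificate is a constructed throwaway, and the function names `selfSigned` and `uncovered` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed cert (constructed sample) whose only SANs are the given IPs.
func selfSigned(sanIPs ...string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	for _, ip := range sanIPs {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered returns the dialed addresses that the certificate's SAN entries do not match.
func uncovered(cert *x509.Certificate, hosts []string) []string {
	var bad []string
	for _, h := range hosts {
		if err := cert.VerifyHostname(h); err != nil {
			bad = append(bad, h)
		}
	}
	return bad
}

func main() {
	if cert, err := selfSigned("192.168.0.100"); err == nil {
		fmt.Println("not covered:", uncovered(cert, []string{"192.168.0.100", "192.168.0.200"}))
	}
}
```

A certificate meant to be shared by both servers would list both addresses (or a DNS name both resolve under) in its Subject Alternative Name, in which case `uncovered` returns an empty list.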