I'm trying to set up multiple logstash servers and came across a possible bug/feature; I wanted the community's input on this.
I'm setting up two logstash servers for redundancy (let's say they are using IP addresses 192.168.0.100 and 192.168.0.200). I created an SSL certificate like this:
    # openssl x509 -in /etc/ssl/certs/logstash-forwarder.crt -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: XXXXXXXXXXXXXX (0xXXXXXXXXXXXXXXXXXXXXXX)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=XX, L=Default City, O=Default Company Ltd
            Validity
                Not Before: Mar 2 12:41:19 2015 GMT
                Not After : Feb 27 12:41:19 2025 GMT
            Subject: C=XX, L=Default City, O=Default Company Ltd
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    ..
                X509v3 Authority Key Identifier:
                    keyid:..
                X509v3 Basic Constraints:
                    CA:TRUE
                X509v3 Subject Alternative Name:
                    IP Address:192.168.0.100
        Signature Algorithm: sha1WithRSAEncryption
Both servers were configured by chance with the same certificate, and I quickly found out that logstash-forwarder was happily accepting the certificate no matter what server it was connecting to (LF is set up with both LS servers' IPs) instead of complaining about the wrong Subject Alternative Name. I even changed logstash-forwarder to use a DNS name and it just keeps humming along.
Can someone explain if this behaviour is expected and the same certificate can be used on multiple servers, or if this is a (known?) bug?
I'm using LF 1.3.1 and LS 1.5.5.
Thanks a lot.