SSL communication fails between Filebeat (5.1.1) and Logstash (5.1.1)

Getting the error below in Logstash when Filebeat tries to publish logs to Logstash:

“Looks like you either have an invalid key or your private key was not in PKCS8 format.”

I followed guidelines in the docs:
https://www.elastic.co/guide/en/beats/filebeat/5.1/configuration-output-ssl.html

I have copied the SSL certs with server authentication onto all the Logstash nodes.

  • The certificates contain subject alternative names (SAN) that correspond to the DNS names of all the Logstash nodes.

    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/ssl/ca.crt"]
    ssl_certificate => "/etc/logstash/ssl/server.crt"
    ssl_key => "/etc/logstash/ssl/server.key"
    ssl_verify_mode => "force_peer"

and I have also copied the SSL certs with client authentication to where Filebeat is installed.

  • The certificate contains the CNAME that corresponds to the DNS names of the application server where Filebeat is installed.

output.logstash:
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
  ssl.certificate: "/etc/pki/client/cert.crt"
  ssl.key: "/etc/pki/client/cert.key"

All the certs are signed by a common CA.

They are in PEM format.

Any advice on what could be missing or wrong here?

I suspect your private key is not in the PKCS8 format; you can convert it with OpenSSL.

Try the following command:

openssl pkcs8 -in privatekey.key -topk8 -nocrypt -out privatekey.p8

Later, set the .p8 file as your new key in the ssl_key field in the Logstash configuration file for Beats. This was the way I could make Logstash receive data from Filebeat on my set.

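An added example, not part of the original posts: a shell script that reads the PEM header to see which encoding a key file uses before running the conversion from the reply above, and creates the converted file owner-only because `-nocrypt` writes the key unencrypted. The function names `key_format` and `to_pkcs8` are hypothetical.

```bash
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the PEM encoding of a private key, judged by its first BEGIN line.
key_format() {
  [ -r "$1" ] || { echo "unreadable"; return 1; }
  case "$(tr -d '\r' < "$1" | grep -m1 -e '-----BEGIN ')" in
    "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
    "-----BEGIN RSA PRIVATE KEY-----")       echo "pkcs1-rsa" ;;
    "-----BEGIN EC PRIVATE KEY-----")        echo "sec1-ec" ;;
    *)                                       echo "unknown" ;;
  esac
}

# Convert a traditional RSA/EC PEM key ($1) to unencrypted PKCS#8 ($2)
# using the openssl command from the reply. Returns 0 on success or when
# the input is already unencrypted PKCS#8.
to_pkcs8() {
  case "$(key_format "$1")" in
    pkcs8)
      echo "already PKCS#8, nothing to do: $1"; return 0 ;;
    pkcs1-rsa|sec1-ec)
      # -nocrypt leaves the key unencrypted, so create it owner-only.
      ( umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2" ) ;;
    pkcs8-encrypted)
      echo "encrypted PKCS#8, not converted: $1" >&2; return 2 ;;
    *)
      echo "not a recognised PEM private key: $1" >&2; return 1 ;;
  esac
}

if [ "$#" -eq 2 ]; then
  # Script usage: <input key> <output .p8>
  to_pkcs8 "$1" "$2"
else
  # Constructed sample: a header-only stub, enough to show classification.
  tmp=$(mktemp)
  printf -- '-----BEGIN RSA PRIVATE KEY-----\n' > "$tmp"
  echo "sample stub classified as: $(key_format "$tmp")"
  rm -f "$tmp"
fi
```

A `pkcs1-rsa` result for the file named in `ssl_key` matches the situation the reply describes; the key file it produces should be readable only by the account Logstash runs as.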
