SSL communication fails between Filebeat (5.1.1) and Logstash (5.1.1)


(Gaurav Tandon) #1

Getting the below error in Logstash when Filebeat tries to publish logs to Logstash:

“Looks like you either have an invalid key or your private key was not in PKCS8 format.”

I followed guidelines in the docs:
https://www.elastic.co/guide/en/beats/filebeat/5.1/configuration-output-ssl.html

I have copied the SSL certs with Server authentication on all the Logstash nodes

  • The certificates contain subject alternative names (SAN) that correspond to the DNS names of all the Logstash nodes

    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/ssl/ca.crt"]
    ssl_certificate => "/etc/logstash/ssl/server.crt"
    ssl_key => "/etc/logstash/ssl/server.key"
    ssl_verify_mode => "force_peer"

and
I have also copied the SSL certs with client authentication to where Filebeat is installed.

  • The certificate contains the CNAME that corresponds to the DNS names of the application server where Filebeat is installed.

output.logstash:
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
  ssl.certificate: "/etc/pki/client/cert.crt"
  ssl.key: "/etc/pki/client/cert.key"

All the certs are signed by common CA.

They are in PEM format.

Any advice on what could be missing or wrong here?


(Tudor Golubenco) #2

I suspect your private key is not in the PKCS8 format; you can convert it with OpenSSL.


#3

Try the following command:

openssl pkcs8 -in privatekey.key -topk8 -nocrypt -out privatekey.p8

Later, set the .p8 file as your new key on the ssl_key field in Logstash configuration file for Beats. This was the way I could make Logstash receive data from Filebeat on my set.
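
A way to check which encoding a key file uses before and after the conversion suggested in this thread, as an added example that is not part of the original posts. The function names `pem_key_format` and `to_pkcs8` are assumptions made for this sketch; the `openssl pkcs8` invocation is the one from the reply above.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its BEGIN line and convert a
# traditional key to unencrypted PKCS#8. Function names are assumptions.

# Print the encoding of the key in file $1 (tolerates CRLF line endings).
pem_key_format() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# Convert $1 to PKCS#8 at $2 with the openssl command from the reply above.
# Returns 0 on success or if $1 is already PKCS#8, 1 if $2 exists,
# 2 if the input is not a traditional RSA/EC key.
to_pkcs8() (
    src=$1
    dst=$2
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        exit 1
    fi
    case "$(pem_key_format "$src")" in
        pkcs8)             echo "$src is already PKCS#8" >&2; exit 0 ;;
        pkcs1-rsa|sec1-ec) ;;
        *)                 echo "$src: not a traditional RSA/EC key" >&2; exit 2 ;;
    esac
    umask 077   # -nocrypt writes the key unencrypted: keep it owner-only
    openssl pkcs8 -in "$src" -topk8 -nocrypt -out "$dst"
)

# Usage: sh check_key.sh privatekey.key privatekey.p8
if [ "$#" -eq 2 ]; then
    to_pkcs8 "$1" "$2"
fi
```

Because the output file is created owner-only, run the conversion as the account Logstash runs under, or change the file's ownership to that account afterwards.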

