SSL communication fails btw Filebeat (5.1.1) and Logstash (5.1.1)

Getting below error in Logstash when filebeat tries to publish logs to Logstash

“Looks like you either have an invalid key or your private key was not in PKCS8 format.”

I followed guidelines in the docs:

I have copied the SSL certs with Server authentication on all the Logstash nodes

  • The certificates contains subject alternative names (SAN) that correspond to the dns names of all the logstash nodes
   port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/ssl/ca.crt"]
    ssl_certificate => "/etc/logstash/ssl/server.crt"
    ssl_key => "/etc/logstash/ssl/server.key"
    ssl_verify_mode => "force_peer"

I have also copied the SSL certs with client authentication, where filebeat is installed .

  • The certificate contains the CNAME that correspond to the dns names of the application server where filebeat is installed.
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/pki/root/ca.crt"]
  ssl.certificate: "/etc/pki/client/cert.crt"
  ssl.key: "/etc/pki/client/cert.key"

All the certs are signed by common CA.

They are in PEM format.

Any advice, what could be missing or wrong here.?

I suspect your private key is not in the PKCS8 format, you can convert it with OpenSSL.

Try the following command:

openssl pkcs8 -in privatekey.key -topk8 -nocrypt -out privatekey.p8

Later, set the .p8 file as your new key on the ssl_key field in Logstash configuration file for Beats. This was the way I could make Logstash receive data from Filebeat on my set.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.