I want to encrypt the data from Filebeat to Logstash using SSL but I don't want to enforce validating the certificate. Is that possible? I am trying to avoid generating/buying a ssl for each filebeat host.
If I remove the client certs from the config, Logstash denies the connection:
Exception: javax.net.ssl.SSLHandshakeException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE
I have this entry in the conf file along with the other SSL settings.
ssl_verify_mode => none
Thoughts?
I see there isn't any verification so what I'm looking for is to not provide a client key on filebeat host.
So um, never mind? I'm now trying to hide the key file; we want to deploy Filebeat at customers' sites without providing the .key file. I guess I could password protect it?
Filebeat shouldn't need a key. You can enable TLS (SSL) on the Logstash side, without Beats needing to have its own key.
Keys are only needed if you want to use them as an authentication method between Beats and Logstash. Perhaps you want to use TLS for that, but if you do, then keys become unavoidable - that's how TLS certificate-based authentication works.
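The Filebeat side of the server-only TLS setup described in the reply above, as an added example that is not part of the original thread. The host name, port and file path are placeholders; only the CA certificate is deployed to the Filebeat host.

```yaml
# filebeat.yml (added example; host, port and path are assumptions)
output.logstash:
  # Placeholder Logstash address; 5044 is the conventional Beats port.
  hosts: ["logstash.example.com:5044"]

  # TLS for this output is enabled through the ssl.* settings.
  ssl.enabled: true

  # Public certificate of the CA that signed the Logstash server
  # certificate (ca.cer in the thread). It holds no private key,
  # so it can be shipped to customer sites.
  ssl.certificate_authorities: ["/etc/filebeat/ca.cer"]

  # Default value, shown for clarity: Filebeat verifies the server's
  # certificate chain and host name before sending events.
  ssl.verification_mode: full

  # Deliberately absent: ssl.certificate and ssl.key.
  # A client certificate and key are only needed when Logstash
  # authenticates Beats by certificate, which ssl_verify_mode => none
  # on the Logstash beats input does not request.
```

With `ssl_verify_mode => none` on the Logstash side the channel is encrypted and Filebeat authenticates Logstash, but Logstash does not authenticate the sender, so access to the Beats port has to be restricted by other means.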
I tried filebeat without any ssl configured and got an Exception: not an SSL/TLS record: xxxx....
Logstash beat config,
ssl => true
ssl_key => "c:\logstash\Config\logstashdev1.key"
ssl_certificate => "c:\logstash\Config\logstashdev1.crt"
ssl_certificate_authorities => "c:\logstash\Config\ca.cer"
ssl_verify_mode => none
Then I tried
protocol: "https" in filebeat.yml
and filebeat shows, Failed to publish events caused by: client is not connected.
Am I missing anything?
Thanks