SSL for Filebeat -> Logstash (remote error: tls: handshake failure)

Hello Dears,

I am trying to integrate Filebeat with Logstash using SSL certificates. Filebeat on server1 with server1's SSL certificate and Logstash on Server2 with Server2's certificate.

Everything works as it should with non-encrypted connections but I get the following error sending from filebeat (7.11.2) to my logstash server (7.11.2). This is all on latest CentOS 7.3.

Filebeat test
Here is the error I'm getting in filebeat:

Filebeat : Logstash.output
Here is my filebeat configuration:

I need help to solve this issue!


The error is telling you that the hostname on the certificate doesn't match the address you're trying to connect to.

Thanks for your response.

CA or Certificate?

The certificate

What is your recommended solution?

Turn off SSL verification (ssl.verification_mode: none) or update the SANS on the certificate to match the hostname you're using.

Like this!

Note: I did this change in Logstash Configuration file (XPACK Settings).

No, in your Filebeat config, under the Logstash output where you have the SSL settings to connect to Logstash.

Ok, how to update the SANS on the certificate?

That will depend on how you created the certificate. Self signed, internal CA, commercial CA....

It's a commercial CA or internal CA.

I checked the SANS and found this:

Is there a way to update the SANS with recreate the certificate?


It can't be both Commercial and Internal: you either own the CA internally or a 3rd party commercial entity does. As for your question, no, you can't modify the certificate after the certificate is issued; that would violate the whole concept of digital signatures. You'll need to reissue the certificate with the correct SANS or update the hostname you're using to connect to Logstash to the name on the current SANS.

Do I have to create a CSR on each server that will host Filebeat, or will the CSR be generated for each Logstash server we have, and then we will use the same certificate for both the Logstash service and Filebeat?

Note: for your info we have a private CA.

The certificate isn't used on the system running Filebeat; it's the Logstash server that needs the certificate SANS to match the address used to connect to it. I would not use the same certificate for both the client and server. I would issue a separate client cert for Filebeat.
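
Added example (not part of the thread and not Elastic's code): the SAN matching described in the replies above, reproduced with the hostname check in Go's standard crypto/x509 package. The hostnames, the 192.0.2.x addresses and the helper names `issueServerCert` and `sanMatches` are constructed for illustration, and the throwaway self-signed certificate stands in for one issued by the private CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueServerCert builds a throwaway self-signed certificate with the given SANs (constructed sample data).
func issueServerCert(dnsSANs []string, ipSANs []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "logstash.example.internal"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dnsSANs,
		IPAddresses:  ipSANs,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sanMatches reports whether the address a client dials is covered by the SANs; the Subject CN is not consulted.
func sanMatches(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

func main() {
	cert, err := issueServerCert([]string{"logstash.example.internal"}, []net.IP{net.ParseIP("192.0.2.10")})
	if err != nil {
		panic(err)
	}
	for _, host := range []string{"logstash.example.internal", "logstash", "192.0.2.10", "192.0.2.11"} {
		fmt.Printf("%-28s covered by SANs: %v\n", host, sanMatches(cert, host))
	}
}
```

An address written as an IP only matches an IP SAN, and a short hostname does not match a fully qualified DNS SAN, so the reissued certificate has to list the exact form used in the Logstash output's hosts setting.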

Welcome to our community @Ahmed_Mouawad! :smiley:

I wanted to drop a quick note to please make sure you do not post pictures of text or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them :slight_smile:

OK @warkolm you are welcome.
