SSL Handshake Issue


(Ashwin Gupta) #1

I am facing a lot of issues getting my Forwarder to work, even after supposedly following all the steps. I have also been browsing and following tips from https://github.com/elastic/logstash-forwarder/issues/221 but have not had any luck yet.

The worst part is that it has already taken me much more time to make Forwarder work than it took me to set up Logstash+Kibana+Elasticsearch all together... a little sarcastic, but true!

I've also been exploring alternatives to logstash-forwarder but have still found none that gets on board fast and easily.

I am very keen to make my forwarder work but am not able to due to the SSL handshake issue.

Can anyone help me with the possible reasons why my forwarder (on RHEL 6) is not able to work with my Logstash server cert file and throws the below error every time?

2015/06/07 15:47:23.964418 Setting trusted CA from file: /usr/bin/mw_lumberjack.crt
2015/06/07 15:47:23.966107 Connecting to [10.51.167.10]:10010 (ukx01234.ab.dc-intl.com)
2015/06/07 15:47:23.971762 Failed to tls handshake with 10.51.167.10 x509: certificate is valid for , not ukx01234.ab.dc-intl.com

Pasting the config and cert details below.

Cert Excerpt:-

    Signature Algorithm: sha1WithRSAEncryption
    Issuer: CN=*.ab.dc-intl.com
    Validity
        Not Before: Jun  5 12:24:20 2015 GMT
        Not After : Jun  4 12:24:20 2016 GMT
    Subject: CN=*.ab.dc-intl.com

Forwarder Config File:-

    {
      "network": {
        # A list of downstream servers listening for our messages.
        # logstash-forwarder will pick one at random and only switch if
        # the selected one appears to be dead or unresponsive
        "servers": [ "ukx01234.ab.dc-intl.com:10010" ],

        ##"ssl certificate": "./logstash-forwarder.crt",
        ##"ssl key": "./logstash-forwarder.key",

        "ssl ca": "/usr/bin/mw_lumberjack.crt"
      }
    }

I've already tried other ways of specifying the issuer's FQDN in the cert, but with NO luck.

Any help will be very much appreciated and will help me run a successful PoC.


(Mark Walkom) #2

This looks like a certificate problem.

What are the commands you used to create the cert?


(Ashwin Gupta) #3

Continuing the discussion from SSL Handshake Issue:

I doubt it, but I am still hoping that is the issue. Please find below the command used for creating the cert.

openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout mw_lumberjack.key -out mw_lumberjack.crt -subj '/CN=*.ab.dc-intl.com/'

Just to recap the setup: I have the key and the cert on my Logstash server side. The Logstash server, with the forwarder input, is started on the given port on the server.

    tcp 0 0 0.0.0.0:10010 0.0.0.0:* LISTEN

The cert file is transferred to the forwarder side, and the forwarder is started with that cert file passed as the CA cert file in the configuration.

Please let me know if you observe any mistake there.


(Mark Walkom) #4

I don't think you can use wildcards, try using a specific name.


(Ashwin Gupta) #5

That is what I tried as the first thing, before trying out *.*, **.Domain, *.Domain, etc.
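The forwarder is a Go program, and Go's TLS client matches the server hostname against the certificate's Subject Alternative Name (SAN) DNS entries; Go 1.15 and later ignore the Common Name entirely, and a certificate generated with only `-subj`, as in the openssl command above, carries no SAN at all. This added example (not code from the thread or from logstash-forwarder) builds throwaway self-signed certificates with and without SANs and runs Go's own hostname check against the hostname from the error above. The hostname and the wildcard name come from the thread; the certificates are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// HostnameMatches builds a throwaway self-signed certificate (constructed test
// data) with the given Common Name and SAN DNS names, then runs Go's own hostname
// check (the one behind "certificate is valid for ..., not ..."). Returns the error text.
func HostnameMatches(cn string, sans []string, host string) (bool, string) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err.Error()
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     sans, // the names a modern TLS client actually matches
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return false, err.Error()
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err.Error()
	}
	if err := cert.VerifyHostname(host); err != nil {
		return false, err.Error()
	}
	return true, ""
}

func main() {
	host := "ukx01234.ab.dc-intl.com" // hostname from the error in the thread
	// nil = CN only (what the openssl command above produces); then a wildcard SAN; then an exact SAN.
	for _, sans := range [][]string{nil, {"*.ab.dc-intl.com"}, {host}} {
		ok, msg := HostnameMatches("*.ab.dc-intl.com", sans, host)
		fmt.Printf("SAN=%v -> ok=%v %s\n", sans, ok, msg)
	}
}
```

The CN-only certificate fails the check, while either SAN form passes, so the fix is to add a subjectAltName (an exact name or a wildcard covering the server) when generating the server certificate.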

