SSL issue Logstash sending logs to a Kafka instance

shanem · August 19, 2022, 5:33pm

We are getting a SSL error sending to Kafka from Logstash. We generated a csr, which was signed by the Kafka's CA. Then we took the pub and private key and converted them to a pkcs12 format with openssl with something like this:
openssl pkcs12 -export -in cert-with-chain.pem -inkey cert.key -name "<name>" -out keystore.p12

Then we took the p12 file and created a JKS with this:
keytool -importkeystore -srckeystore src.keystore -srcstoretype pkcs12 -srcalias "<alias>" -destkeystore dest.keystore -deststoretype jks

For the truststore, we used the Root CA public key and imported it into a JKS as well. If anyone has any tips on where to look next, or how to troubleshoot this error, it would be greatly appreciated.

Here is the error message from our logstash log:
[2022-08-19T15:08:06,615][INFO ][org.apache.kafka.common.network.Selector] [Producer clientId=producer-1] Failed authentication with soc-queue-prod-02.it.vt.edu/198.82.161.168 (SSL handshake failed)
[2022-08-19T15:08:06,615][ERROR][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Connection to node -2 (soc-queue-prod-02.it.vt.edu/198.82.161.168:9092) failed authentication due to: SSL handshake failed
[2022-08-19T15:08:06,615][WARN ][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Bootstrap broker soc-queue-prod-02.it.vt.edu:9092 (id: -2 rack: null) disconnected

Here is our output plugin:
output {
if [module] =~ "zeek" and [dataset] =~ "conn" {
kafka {
id => "events_to_kafka"
bootstrap_servers => "soc-queue-prod-01.it.vt.edu:9092,soc-queue-prod-02.it.vt.edu:9092,soc-queue-prod-03.it.vt.edu:9092,soc-queue-prod-04.it.vt.edu:9092,soc-queue-prod-05.it.vt.edu:9092,soc-queue-prod-06.it.vt.edu:9092,soc-queue-prod-07.it.vt.edu:9092,soc-queue-prod-08.it.vt.edu:9092,soc-queue-prod-09.it.vt.edu:9092"
topic_id => "soc-queue-itso"
codec => "json"
security_protocol => "SSL"
ssl_keystore_location => "/usr/share/logstash/data/cliffbar.iso.vt.edu.jks"
ssl_keystore_password => "password"
ssl_truststore_location => "/usr/share/logstash/data/LAAca.jks"
#ssl_truststore_location => "/opt/logstash/certs/LAAca.jks"
ssl_truststore_password => "password"
retries => 0
ssl_endpoint_identification_algorithm => ""
}
}
}

system · September 16, 2022, 5:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL handshake error with logstash 7.8.0 kafka integration Logstash	2	1937	September 10, 2020
Logstash - Kafka input handshake fails Logstash	0	110	April 10, 2024
Logstash Kafka output fails on TLS post-handshake messags Logstash	0	67	August 21, 2024
After upgrading logstash to 6.6, I get failed authentication due to: SSL handshake failed Logstash	1	640	July 20, 2020
Issue's in configuring kafka input plugin with TLS Logstash	1	418	August 3, 2023

SSL issue Logstash sending logs to a Kafka instance

Related Topics