SSL issue Logstash sending logs to a Kafka instance

shanem · August 19, 2022, 5:33pm

We are getting a SSL error sending to Kafka from Logstash. We generated a csr, which was signed by the Kafka's CA. Then we took the pub and private key and converted them to a pkcs12 format with openssl with something like this:
openssl pkcs12 -export -in cert-with-chain.pem -inkey cert.key -name "<name>" -out keystore.p12

Then we took the p12 file and created a JKS with this:
keytool -importkeystore -srckeystore src.keystore -srcstoretype pkcs12 -srcalias "<alias>" -destkeystore dest.keystore -deststoretype jks

For the truststore, we used the Root CA public key and imported it into a JKS as well. If anyone has any tips on where to look next, or how to troubleshoot this error, it would be greatly appreciated.

Here is the error message from our logstash log:
[2022-08-19T15:08:06,615][INFO ][org.apache.kafka.common.network.Selector] [Producer clientId=producer-1] Failed authentication with soc-queue-prod-02.it.vt.edu/198.82.161.168 (SSL handshake failed)
[2022-08-19T15:08:06,615][ERROR][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Connection to node -2 (soc-queue-prod-02.it.vt.edu/198.82.161.168:9092) failed authentication due to: SSL handshake failed
[2022-08-19T15:08:06,615][WARN ][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Bootstrap broker soc-queue-prod-02.it.vt.edu:9092 (id: -2 rack: null) disconnected

Here is our output plugin:
output {
if [module] =~ "zeek" and [dataset] =~ "conn" {
kafka {
id => "events_to_kafka"
bootstrap_servers => "soc-queue-prod-01.it.vt.edu:9092,soc-queue-prod-02.it.vt.edu:9092,soc-queue-prod-03.it.vt.edu:9092,soc-queue-prod-04.it.vt.edu:9092,soc-queue-prod-05.it.vt.edu:9092,soc-queue-prod-06.it.vt.edu:9092,soc-queue-prod-07.it.vt.edu:9092,soc-queue-prod-08.it.vt.edu:9092,soc-queue-prod-09.it.vt.edu:9092"
topic_id => "soc-queue-itso"
codec => "json"
security_protocol => "SSL"
ssl_keystore_location => "/usr/share/logstash/data/cliffbar.iso.vt.edu.jks"
ssl_keystore_password => "password"
ssl_truststore_location => "/usr/share/logstash/data/LAAca.jks"
#ssl_truststore_location => "/opt/logstash/certs/LAAca.jks"
ssl_truststore_password => "password"
retries => 0
ssl_endpoint_identification_algorithm => ""
}
}
}

system · September 16, 2022, 5:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL handshake error with logstash 7.8.0 kafka integration Logstash	2	1945	September 10, 2020
Logstash - Kafka input handshake fails Logstash	0	114	April 10, 2024
Logstash Kafka output fails on TLS post-handshake messags Logstash	0	87	August 21, 2024
After upgrading logstash to 6.6, I get failed authentication due to: SSL handshake failed Logstash	1	641	July 20, 2020
Configuring logstash with ssl and sending message to kafka(with ssl) topic Logstash	1	468	July 19, 2019

SSL issue Logstash sending logs to a Kafka instance

Related topics