I am trying to configure and run filebeat on the
mysql server in strigo environment. when i run filebeat i am getting SSL error that certificate signed by some different authority.
2021-12-18T05:35:20.274Z INFO eslegclient/connection.go:99 elasticsearch url: https://elasticsearch:9200
2021-12-18T05:35:20.345Z ERROR [esclientleg] eslegclient/connection.go:261 error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority
2021-12-18T05:35:20.345Z ERROR instance/beat.go:951 Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]
Can some one from tech support troubleshoot and help me.
Can you provide your ssl configuration for elk and filebeat?
in strigo i ssh to mysql server
vi ./filebeat/filebeat.yml <------- configure filebeat on mysql server
elastic@ip-172-31-47-163:~$ ssh Elasticsearch
[elastic@Elasticsearch ~]$ ls
ca.crt datasets Elasticsearch filebeat heartbeat logstash metricbeat
[elastic@Elasticsearch ~]$ cd Elasticsearch/
[elastic@Elasticsearch Elasticsearch]$ ls
bin config data jdk lib LICENSE.txt logs modules NOTICE.txt plugins README.asciidoc
[elastic@Elasticsearch Elasticsearch]$ cd config/
[elastic@Elasticsearch config]$ ls
ca.crt Elasticsearch.keystore Elasticsearch.yml Elasticsearch.yml.bak jvm.options log4j2.properties node1.crt node1.key
Please use this option to format the code you paste.
From the documentation, you can read.
([Static](https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#static-cluster-setting)) Controls the verification of certificates. Controls the verification of certificates.
Valid values are:
* `full` , which verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate.
* `certificate` , which verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.
* `none` , which performs *no verification* of the server’s certificate. This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use on production clusters is strongly discouraged.The default value is `full` .
Currently your setting for option
if default so it work as "full"
That means if you did not specify the hostname for a certificate for filebeat and it is different than in certificate. The connection will be refused.
Also you did not provide setting in filebeat config for
Is it set up?
I'll try as mentioned above. ssl settings in filebeat in mysql is not configured. so do i need to set that up as well ??
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.