Strigo account SSL issue for mysql

I am trying to configure and run filebeat on the mysql server in strigo environment. when i run filebeat i am getting SSL error that certificate signed by some different authority.


2021-12-18T05:35:20.274Z        INFO    eslegclient/connection.go:99    elasticsearch url: https://elasticsearch:9200
2021-12-18T05:35:20.345Z        ERROR   [esclientleg]   eslegclient/connection.go:261   error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority
2021-12-18T05:35:20.345Z        ERROR   instance/beat.go:951    Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]

Can some one from tech support troubleshoot and help me.

Can you provide your ssl configuration for elk and filebeat?

in strigo i ssh to mysql server

ssh mysql
vi ./filebeat/filebeat.yml <------- configure filebeat on mysql server
output.Elasticsearch:
hosts: ["Elasticsearch:9200"]
protocol: "https"
username: "elastic"
password: "password"
ssh.certificate_authorities: ["/home/elastic/ca.crt"]


elastic@ip-172-31-47-163:~$ ssh Elasticsearch

[elastic@Elasticsearch ~]$ ls
ca.crt datasets Elasticsearch filebeat heartbeat logstash metricbeat
[elastic@Elasticsearch ~]$ cd Elasticsearch/
[elastic@Elasticsearch Elasticsearch]$ ls
bin config data jdk lib LICENSE.txt logs modules NOTICE.txt plugins README.asciidoc
[elastic@Elasticsearch Elasticsearch]$ cd config/
[elastic@Elasticsearch config]$ ls
ca.crt Elasticsearch.keystore Elasticsearch.yml Elasticsearch.yml.bak jvm.options log4j2.properties node1.crt node1.key

vi Elasticsearch.yml

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: node1.key
xpack.security.http.ssl.certificate: node1.crt
xpack.security.http.ssl.certificate_authorities: ca.crt
xpack.security.transport.ssl.key: node1.key
xpack.security.transport.ssl.certificate: node1.crt
xpack.security.transport.ssl.certificate_authorities: ca.crt

Please use this option to format the code you paste.
image

From the documentation, you can read.

`xpack.security.http.ssl.verification_mode`

([Static](https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#static-cluster-setting)) Controls the verification of certificates. Controls the verification of certificates.

Valid values are:

* `full` , which verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate.
* `certificate` , which verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.
* `none` , which performs *no verification* of the server’s certificate. This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use on production clusters is strongly discouraged.The default value is `full` .

Currently your setting for option
xpack.security.http.ssl.verification_mode
if default so it work as "full"

That means if you did not specify the hostname for a certificate for filebeat and it is different than in certificate. The connection will be refused.

Also you did not provide setting in filebeat config for

ssl.certificate: "/path/beats.crt"
ssl.key: "/path/beats.key"

Is it set up?

Thanks Adriann,

I'll try as mentioned above. ssl settings in filebeat in mysql is not configured. so do i need to set that up as well ??

Yes you do.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.