I am trying to configure and run filebeat on the mysql server in the strigo environment. When I run filebeat I am getting an SSL error that the certificate is signed by some different authority.
```
2021-12-18T05:35:20.274Z INFO eslegclient/connection.go:99 elasticsearch url: https://elasticsearch:9200
2021-12-18T05:35:20.345Z ERROR [esclientleg] eslegclient/connection.go:261 error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority
2021-12-18T05:35:20.345Z ERROR instance/beat.go:951 Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://elasticsearch:9200: Get "https://elasticsearch:9200": x509: certificate signed by unknown authority]
```
Can someone from tech support troubleshoot and help me?
```
ssh mysql
vi ./filebeat/filebeat.yml    # configure filebeat on mysql server
```

```
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
  protocol: "https"
  username: "elastic"
  password: "password"
  ssh.certificate_authorities: ["/home/elastic/ca.crt"]
```
```
elastic@ip-172-31-47-163:~$ ssh elasticsearch
[elastic@elasticsearch ~]$ ls
ca.crt datasets elasticsearch filebeat heartbeat logstash metricbeat
[elastic@elasticsearch ~]$ cd elasticsearch/
[elastic@elasticsearch elasticsearch]$ ls
bin config data jdk lib LICENSE.txt logs modules NOTICE.txt plugins README.asciidoc
[elastic@elasticsearch elasticsearch]$ cd config/
[elastic@elasticsearch config]$ ls
ca.crt elasticsearch.keystore elasticsearch.yml elasticsearch.yml.bak jvm.options log4j2.properties node1.crt node1.key
```
Please use this option to format the code you paste.
From the documentation, you can read.
`xpack.security.http.ssl.verification_mode`
([Static](https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#static-cluster-setting)) Controls the verification of certificates.
Valid values are:
* `full`, which verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server’s hostname (or IP address) matches the names identified within the certificate.
* `certificate`, which verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.
* `none`, which performs *no verification* of the server’s certificate. This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use on production clusters is strongly discouraged.

The default value is `full`.
Currently your setting for option `xpack.security.http.ssl.verification_mode` is default, so it works as "full".
That means if you did not specify the hostname for a certificate for filebeat and it is different than in the certificate, the connection will be refused.
Also you did not provide setting in filebeat config for
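
Added example (not part of the thread and not Elastic's code): the three modes quoted above, modeled with Go's `crypto/x509`, the library that emits the `x509: certificate signed by unknown authority` text seen in the log. The CA, the server certificate for `node1`, and the helper names `issue`, `check` and `run` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a short-lived cert whose SAN is name; parent == nil yields a self-signed CA.
func issue(name string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, pkey = t, key // sign the template with its own key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// check models the modes: "certificate" = chain only, "full" = chain + hostname, "none" = nothing.
func check(mode, host string, leaf *x509.Certificate, trusted *x509.CertPool) string {
	opts := x509.VerifyOptions{Roots: trusted}
	if mode == "full" {
		opts.DNSName = host // name the client dialed must appear in the SANs
	}
	if _, err := leaf.Verify(opts); err != nil && mode != "none" {
		return err.Error()
	}
	return "ok"
}

// run tries: CA missing from trust pool; CA trusted but wrong name; chain-only; no checks.
func run() []string {
	ca, caKey := issue("test-ca", nil, nil)
	leaf, _ := issue("node1", ca, caKey) // constructed server cert, SAN "node1"
	empty, withCA := x509.NewCertPool(), x509.NewCertPool()
	withCA.AddCert(ca)
	return []string{check("full", "node1", leaf, empty), check("full", "elasticsearch", leaf, withCA),
		check("certificate", "elasticsearch", leaf, withCA), check("none", "elasticsearch", leaf, empty)}
}

func main() { fmt.Println(run()) }
```

The first result reproduces the error from the log: the name matches, but the client's trust pool does not contain the CA that signed the server certificate.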