TCP input plugin and log4j2 socket appender configuration with SSL

Hi There,

I am trying to set up secure communication between the tcp input plugin and the log4j2 socket appender. I have seen multiple posts with the same request, but all have simply been closed with literally no replies.

Is there anyone who can help with this use case?

Regards

Kaushik Vankayala

Well, what part are you having trouble with?

@Badger : Any input to this post?

Please don't ping individuals like that.

Hey Magnus,

I am unable to get the SSL settings of the TCP input implemented. I am getting the error "SSL context initialization failed".

The input plugin configuration I used:

input {
  tcp {
    mode => "server"
    port => 9500
    ssl_enable => true
    ssl_cert => "D:\ELK\Bishwa SSL Files\client.cer"
    ssl_key => "D:\ELK\Bishwa SSL Files\truststore.ts"
    ssl_key_passphrase => "keystorepass"
    ssl_verify => false
  }
}

Error that I am getting:

I followed the steps below to create the files for SSL:

Create Client/Server Keystores:
Note: Configure an HTTPS client connector with both a client keystore and a truststore. The client keystore shall contain the client's public certificate and private key. The client truststore shall contain the server's certificate. In the same way, the server keystore shall contain the server's public certificate and private key, and the server truststore shall contain the client's certificate.

a) As the first step, let's create a keystore for the server. To do so, execute the following command in a terminal.

keytool -genkey -alias server -keyalg RSA -keystore server.jks

b) Once you have successfully completed this, the Java keytool will have created a file named "server.jks". In the same way, create a client keystore named "client.jks":
keytool -genkey -alias client -keyalg RSA -keystore client.jks

c) Now you have two files named client.jks and server.jks. Export the certificates that will go into the server truststore and the client truststore:
keytool -export -file server.cert -keystore server.jks -storepass password -alias server
keytool -export -file client.cert -keystore client.jks -storepass password -alias client

Change ‘password’ to your choice.

d) Now you have server.cert and client.cert available. The next step is getting the server's self-signed public key certificate and storing it in the client's keystore, and vice versa.

As the last step, we need to import server.cert into client keystore and client.cert into server keystore.

keytool -import -file client.cert -keystore server.jks -storepass password -alias client

Above command will store client's self-signed public key certificate (client.cert) in server.jks against the alias "client". And vice-versa for server to client as below

keytool -import -file server.cert -keystore client.jks -storepass password -alias server

e) Finally, view the contents of both keystores again using the following commands.

keytool -list -v -keystore server.jks -storepass password
keytool -list -v -keystore client.jks -storepass password

P.S.: I am sorry I addressed an individual here without their permission. I will not repeat it :slight_smile:

Any help is highly appreciated. Thank you.

Regards

Kaushik Vankayala
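Added example (not from the thread, and not the Logstash or Log4j project's own code). The configuration posted above hands the tcp input a DER-encoded .cer as ssl_cert and a JKS truststore as ssl_key, but the plugin's documented inputs are a PEM certificate and a PKCS#8 PEM private key; that mismatch is what "SSL context initialization failed" reports. The keystores built in steps a-e are still useful: the script below adds a pre-flight check that classifies a file by its JKS magic bytes or PEM header, a helper that exports the PEM certificate and PKCS#8 key out of server.jks (keytool cannot emit a bare private key, so it goes through PKCS#12 and OpenSSL), and the matching Logstash and log4j2 configurations, which also turn ssl_verify back on so the client certificate is actually checked. Paths under /etc/logstash/ssl, the hostname logstash.example, the store password, and the aliases server/client are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Logstash's tcp input expects
# ssl_cert as a PEM certificate and ssl_key as a PKCS#8 PEM private key;
# a DER .cer or a JKS keystore cannot be parsed and the plugin reports
# "SSL context initialization failed". All paths, passwords and aliases
# below are assumptions for illustration.

# Classify a candidate ssl_cert / ssl_key file by its magic bytes or PEM header.
# Prints one of: jks pem-cert pem-pkcs8 pem-pkcs1 pem-encrypted unknown
file_kind() {
  magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
  if [ "$magic" = "feedfeed" ]; then echo jks; return; fi    # JKS magic number
  first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')           # tolerate CRLF
  case "$first" in
    "-----BEGIN CERTIFICATE-----")           echo pem-cert ;;
    "-----BEGIN PRIVATE KEY-----")           echo pem-pkcs8 ;;     # accepted
    "-----BEGIN RSA PRIVATE KEY-----")       echo pem-pkcs1 ;;     # convert first
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pem-encrypted ;; # needs passphrase
    *)                                       echo unknown ;;
  esac
}

# Pre-flight check: succeed only when cert and key are in the accepted formats.
check_logstash_ssl_files() {
  cert_kind=$(file_kind "$1"); key_kind=$(file_kind "$2"); ok=0
  [ "$cert_kind" = pem-cert ] ||
    { echo "ssl_cert: $1 is '$cert_kind', need a PEM certificate" >&2; ok=1; }
  case "$key_kind" in
    pem-pkcs8) ;;
    pem-encrypted) echo "ssl_key: $2 is encrypted PKCS#8; ssl_key_passphrase must match" >&2 ;;
    *) echo "ssl_key: $2 is '$key_kind', need a PKCS#8 PEM key" >&2; ok=1 ;;
  esac
  return $ok
}

# Export what the tcp input needs from the server.jks built in steps a-d.
# Requires keytool and openssl on PATH.  Args: keystore storepass outdir
export_logstash_pem() {
  ks=$1; pass=$2; out=$3
  mkdir -p "$out"
  # PEM certificate for ssl_cert (-rfc makes keytool emit PEM instead of DER)
  keytool -exportcert -rfc -keystore "$ks" -storepass "$pass" -alias server -file "$out/server.crt"
  # Trust anchor for ssl_certificate_authorities: the client's self-signed cert imported in step d
  keytool -exportcert -rfc -keystore "$ks" -storepass "$pass" -alias client -file "$out/client.crt"
  # keytool has no "export private key"; copy the entry into a PKCS#12 file ...
  keytool -importkeystore -srckeystore "$ks" -srcstorepass "$pass" -srcalias server \
    -destkeystore "$out/server.p12" -deststoretype PKCS12 -deststorepass "$pass"
  # ... and let OpenSSL write the key as unencrypted PKCS#8 PEM ("BEGIN PRIVATE KEY").
  # (OpenSSL 3 may need 'openssl pkcs12 -legacy' for stores written by older JDKs.)
  openssl pkcs12 -in "$out/server.p12" -passin "pass:$pass" -nocerts -nodes |
    openssl pkey -out "$out/server.key"
  rm -f "$out/server.p12"
  chmod 600 "$out/server.key"   # unencrypted key: rely on file permissions, not a passphrase in the config
  check_logstash_ssl_files "$out/server.crt" "$out/server.key"
}

# Corrected Logstash input: PEM files, client verification on, line-delimited JSON.
logstash_tcp_input() {
  cat <<'EOF'
input {
  tcp {
    mode => "server"
    port => 9500
    ssl_enable => true
    ssl_cert => "/etc/logstash/ssl/server.crt"
    ssl_key  => "/etc/logstash/ssl/server.key"
    ssl_verify => true
    ssl_certificate_authorities => ["/etc/logstash/ssl/client.crt"]
    codec => json_lines
  }
}
EOF
}

# Matching log4j2 appender: client.jks holds the client key pair and, from
# step d, the server's certificate, so it serves as both KeyStore and TrustStore.
log4j2_socket_appender() {
  cat <<'EOF'
<Socket name="logstash" host="logstash.example" port="9500" protocol="SSL">
  <SSL>
    <KeyStore location="/etc/app/client.jks" password="password"/>
    <TrustStore location="/etc/app/client.jks" password="password"/>
  </SSL>
  <JsonLayout compact="true" eventEol="true"/>
</Socket>
EOF
}

case "${1:-}" in
  export) export_logstash_pem "${2:-server.jks}" "${3:-password}" "${4:-/etc/logstash/ssl}" ;;
  check)  check_logstash_ssl_files "$2" "$3" && echo "ssl_cert/ssl_key formats OK" ;;
  config) logstash_tcp_input; echo; log4j2_socket_appender ;;
esac
```

Run `sh tls-files.sh check client.cer truststore.ts` against the files from the post to see both faults reported before Logstash is restarted; `sh tls-files.sh export server.jks password /etc/logstash/ssl` produces the PEM material, and `config` prints both sides. The truststore.ts file from the post is not needed on the Logstash side at all: the tcp input takes trust anchors as PEM files, and the log4j2 client trusts Logstash through the server certificate imported into client.jks in step d. Turning ssl_verify on matters because, with it false, the elaborate mutual keystore setup in steps a-e gives the server no assurance of who is sending logs.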

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.