I have spent two days in configuring filebeat TLS, and always encountered below error. Can anyone give me some tips on how to resolve this issue?
The error message in filebeat side:
Below is the steps and configuration.
- I generated a self-signed certificate, named ca.crt.
openssl genrsa -out ca/ca-key.pem 1024
openssl req -new -out ca/ca.csr -key ca/ca.key -config openssl.cnf
openssl x509 -req -in ca/ca.csr -out ca/ca.crt -signkey ca/ca.key -days 365
- generate server certificate
here, skipped the steps to generate server.csr and server.key file
openssl x509 -req -in server/server.csr -out server/server.crt -signkey server/server.key -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -days 365
- generate client certificate
here, skipped the steps to generate client.csr and client.key file
openssl x509 -req -in client/client.csr -out client/client.crt -signkey client/client.key -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -days 365
Then I configured filebeat tls section like below:
ssl_certificate_authorities => ["/usr/ssl/ca/ca.crt"]
ssl_certificate => "/usr/ssl/server/server.crt"
ssl_key => "/usr/ssl/server/server.key"
ssl_verify_mode => "force_peer"
port => 5044
ssl => true
By the way, my filebeat and logstash are installed in the same virtual machine. filebeat version is 1.2.3, and logstash is 2.3.4
I searched a lot, but didn't find an applicable solution for me. Can anyone who met this kind of issue before, or who have successfully setup filebeat TLS, give me some tips? Thank you so much.