TLS Logstash

Elastic Stack Logstash
1

Hello guys,

I have a beats input on a logstash pipeline using SSL /TLS:

input {
    beats {
        port => 5044
        ssl => true
        ssl_certificate => "/etc/../mycert.pem"
        ssl_key => "/etc/.../mycert.pkcs8"
        ssl_certificate_authorities => ["/etc/.../mycert-ca.pem"]
        cipher_suites => ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    }
}

I have not set the ssl_verify_mode so it should have the default value "none" which doesn't do any client verification.

So Is it possible, for example have communication between a filebeat and this logstash pipeline , without filebeat presenting certificates?

Regards,

2

Yes. Why are you defining ssl_certificate_authorities when it is not used?

3

I have some filebeats that use ssl.verification_mode: "full", and i think by settings this i would need the CA on the server side. Am i wrong?

If i set ssl.verification_mode: "none" on the filebeat side , would this allow filebeat to not use certificates? With also keeping ssl_verify_mode => "none" on the logstash pipeline.

4

verification_mode determines whether filebeat will verify the server certificate that the beats input presents ssl_certificate => "/etc/../mycert.pem". If you set it to full then that certificate must be current, valid, name-matched and signed by a chain that filebeat trusts. The CA that signed the ssl_certificate is most likely included in /etc/../mycert.pem, so you cannot separately supply it.

1 Like
5

Thanks for that information, i will modify my pipeline accordingly.

Regarding the no usage of certificates on the client side, how is this achieved?

6

By removing the CA from the pipeline running on logstash, and using verification_mode: "none" on filebeat i was able to connect with logstash without the usage of any certificate.

Thanks @Badger for your help and time :slight_smile:

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.