TLS Logstash

Hello guys,

I have a beats input on a logstash pipeline using SSL/TLS:

input {
    beats {
        port => 5044
        ssl => true
        ssl_certificate => "/etc/../mycert.pem"
        ssl_key => "/etc/.../mycert.pkcs8"
        ssl_certificate_authorities => ["/etc/.../mycert-ca.pem"]
        cipher_suites => ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    }
}

I have not set the ssl_verify_mode so it should have the default value "none" which doesn't do any client verification.

So is it possible, for example, to have communication between a filebeat and this logstash pipeline without filebeat presenting certificates?


Yes. Why are you defining ssl_certificate_authorities when it is not used?

I have some filebeats that use ssl.verification_mode: "full", and I think by setting this I would need the CA on the server side. Am I wrong?

If I set ssl.verification_mode: "none" on the filebeat side, would this allow filebeat to not use certificates? Also keeping ssl_verify_mode => "none" on the logstash pipeline.

verification_mode determines whether filebeat will verify the server certificate that the beats input presents (ssl_certificate => "/etc/../mycert.pem"). If you set it to full then that certificate must be current, valid, name-matched and signed by a chain that filebeat trusts. The CA that signed the ssl_certificate is most likely included in /etc/../mycert.pem, so you cannot separately supply it.


Thanks for that information, I will modify my pipeline accordingly.

Regarding the no usage of certificates on the client side, how is this achieved?

By removing the CA from the pipeline running on logstash, and using verification_mode: "none" on filebeat, I was able to connect with logstash without the usage of any certificate.

Thanks @Badger for your help and time.
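An added example, not part of the thread and not Logstash code: a small Python lint for the point made in the replies, that with ssl_verify_mode left at "none" clients are not authenticated and ssl_certificate_authorities is not used. The function names, finding codes and sample config (placeholder paths) are constructed for illustration; the option names are those in the posted pipeline, plus the plugin's "peer" and "force_peer" modes.

```python
import re

# Constructed sample modelled on the pipeline in the question (placeholder paths).
SAMPLE = """
input {
    beats {
        port => 5044
        ssl => true
        ssl_certificate => "/path/to/server.pem"
        ssl_key => "/path/to/server.pkcs8"
        ssl_certificate_authorities => ["/path/to/ca.pem"]
    }
}
"""

def beats_settings(conf):
    """Return {option: value} for the first beats { ... } block, or None."""
    m = re.search(r"\bbeats\s*\{", conf)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[m.end():i - 1 if depth == 0 else i]   # tolerate a missing "}"
    pairs = re.findall(r"^\s*(\w+)\s*=>\s*(.+?)\s*$", body, re.M)
    return {k: v.strip('"') for k, v in pairs}

def audit(conf):
    """Return findings about client authentication on the beats input."""
    s = beats_settings(conf)
    if s is None:
        return ["NO_BEATS_INPUT"]
    if s.get("ssl", "false") != "true":
        return ["TLS_DISABLED: traffic to this port is cleartext"]
    mode = s.get("ssl_verify_mode", "none")   # default, as stated in the thread
    has_ca = "ssl_certificate_authorities" in s
    findings = []
    if mode == "none":
        findings.append("NO_CLIENT_AUTH: any host that reaches the port can send events")
        if has_ca:
            findings.append("UNUSED_CA: ssl_certificate_authorities is not used when ssl_verify_mode is none")
    elif mode == "peer":
        findings.append("OPTIONAL_CLIENT_AUTH: clients without a certificate are still accepted")
    if mode in ("peer", "force_peer") and not has_ca:
        findings.append("MISSING_CA: client verification needs ssl_certificate_authorities")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the input requires a client certificate (force_peer) and has a CA list to check it against; the lint says nothing about the Filebeat side, where verification_mode decides whether the server certificate is checked.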
