I have a beats input on a logstash pipeline using SSL/TLS:
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/../mycert.pem"
    ssl_key => "/etc/.../mycert.pkcs8"
    ssl_certificate_authorities => ["/etc/.../mycert-ca.pem"]
    cipher_suites => ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
  }
}
I have not set the ssl_verify_mode so it should have the default value "none" which doesn't do any client verification.
So is it possible, for example, to have communication between a filebeat and this logstash pipeline, without filebeat presenting certificates?
Yes. Why are you defining ssl_certificate_authorities when it is not used?
I have some filebeats that use ssl.verification_mode: "full", and I think by setting this I would need the CA on the server side. Am I wrong?
If I set ssl.verification_mode: "none" on the filebeat side, would this allow filebeat to not use certificates? While also keeping ssl_verify_mode => "none" on the logstash pipeline.
verification_mode determines whether filebeat will verify the server certificate that the beats input presents (ssl_certificate => "/etc/../mycert.pem"). If you set it to full then that certificate must be current, valid, name-matched and signed by a chain that filebeat trusts. The CA that signed the ssl_certificate is most likely included in /etc/../mycert.pem, so you cannot separately supply it.
Thanks for that information, I will modify my pipeline accordingly.
Regarding the no usage of certificates on the client side, how is this achieved?
By removing the CA from the pipeline running on logstash, and using verification_mode: "none" on filebeat I was able to connect with logstash without the usage of any certificate.
Thanks @Badger for your help and time
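An added example, not part of the original thread and not Elastic's code: a small Python check that reads a beats input block like the one in the question and reports whether connecting clients are authenticated. The config parser is a simplified assumption, the finding names are invented for this example, and the sample pipeline is constructed with placeholder paths; `peer` and `force_peer` are the plugin's other `ssl_verify_mode` values.

```python
import re

# Constructed sample, modelled on the pipeline in the thread (paths are placeholders).
SAMPLE = """
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/path/to/cert.pem"
    ssl_key => "/path/to/cert.pkcs8"
    ssl_certificate_authorities => ["/path/to/ca.pem"]
  }
}
"""

def parse_beats_inputs(text):
    """One {option: value} dict per `beats { ... }` block.
    Simplified: one `name => value` per line, no nested braces."""
    blocks = []
    for body in re.findall(r"\bbeats\s*\{([^{}]*)\}", text):
        opts = {}
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*=>\s*(.+?)\s*$", line)
            if m:  # commented-out lines start with '#' and do not match
                opts[m.group(1)] = m.group(2).strip('"')
        blocks.append(opts)
    return blocks

def audit(opts):
    """Return finding codes describing who may connect to this input."""
    if opts.get("ssl", "false") != "true":
        return ["no-tls"]                        # plaintext listener
    mode = opts.get("ssl_verify_mode", "none")   # unset means "none"
    has_ca = "ssl_certificate_authorities" in opts
    findings = []
    if mode == "none":
        findings.append("no-client-auth")        # clients need no certificate
        if has_ca:
            findings.append("unused-ca")         # CA list is never consulted
    elif mode == "peer":
        findings.append("optional-client-auth")  # cert checked only if sent
    elif mode == "force_peer" and not has_ca:
        findings.append("missing-ca")            # nothing to validate clients against
    return findings

if __name__ == "__main__":
    for opts in parse_beats_inputs(SAMPLE):
        print(opts.get("port"), audit(opts))
```

An empty result means the input requires a client certificate and has a CA list to validate it against; the filebeat side then needs its own certificate and key configured.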