So I'm wondering if anyone has run into this issue before.
I've created a self-signed cert on my elastic/logstash box and deployed this to a dev box as well. After thinking this was working, since I get no errors regarding the certificates, I went to watch the traffic with Wireshark to confirm, and it just shows TCP traffic and no TLS traffic between the two machines.
My configuration is fairly basic:
port => 5045
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

hosts: ["elastic01.***[omitted]****.com:5045"]
tls:
  certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-forwarder.crt"]
If anyone has any thoughts I'd be very curious. I don't even see an SSL handshake take place or errors anywhere in any log.
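
An added example, not part of the original post: one way to check from the capture itself whether the session on port 5045 is TLS is to inspect the first payload bytes of the TCP stream, because every TLS record starts with a 5-byte header (content type, version, length). The function names and sample bytes below are constructed for illustration.

```python
import ssl

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}
MAX_RECORD_LEN = 2**14 + 2048  # largest record length TLS 1.2 allows


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first TCP payload bytes of a connection (for example
    copied out of a capture of port 5045) as a TLS record or not."""
    if len(payload) < 5:
        return "too short to tell"
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    # Record header: type(1) | version(2) | length(2); wire versions are 3.0-3.4.
    if content_type not in TLS_CONTENT_TYPES or major != 3 or minor > 4:
        return "not TLS"
    if length > MAX_RECORD_LEN:
        return "not TLS"
    kind = TLS_CONTENT_TYPES[content_type]
    if kind == "handshake" and len(payload) > 5:
        # First byte of the handshake message is its type.
        kind = HANDSHAKE_TYPES.get(payload[5], "handshake")
    return f"TLS record: {kind}"


def sample_client_hello(server_name: str = "logstash.example.test") -> bytes:
    """Produce a real ClientHello offline using in-memory BIOs (no network).
    The server name is a placeholder, not a host from the post."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, the client now waits for the server
    return outgoing.read()


if __name__ == "__main__":
    print(classify_first_bytes(sample_client_hello()))
    # Constructed non-TLS bytes standing in for an unencrypted session.
    print(classify_first_bytes(b"2W\x00\x00\x00\x0a2C\x00\x00"))
```

To apply it to a real capture, pass the first bytes of the client-to-server payload from the stream on port 5045 to `classify_first_bytes`.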