Hi All!
I just enabled X-PACK on my elasticsearch and was able to do all required config for elastic and kibana. Now, I have logstash installed in another host and communicating to logstash over the internet on HTTPs protocol. I tried every other possible solution to get logstash to connect to elastic but with no luck. Below are the settings I'm applying to elastic:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/myca-file
And have specified in kibana which is installed in the same host:
elasticsearch.ssl.verificationMode: none
Since the certificate is self-signed through a locally created CA.
Now for logstash I have tried using the same CA and Cert file in the configuration of logstash file and still face connectivity issue with this error:
[[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: signed fields invalid,
[Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2021-07-04 06:53:55.964 [LogStash::Runner] runner - Logstash shut down.
Another option I tried is to set SSL to true and then set verification mode to false which also didn't work:
Config:
ssl => true
ssl_certificate_verification => false
Error:
elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@WHATEVER:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@WHATEVER:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
Your help to get the connection to work is much appreciated!