Unable to Connect Logstash with Elastic

iraed91 · July 4, 2021, 7:06am

Hi All!
I just enabled X-PACK on my elasticsearch and was able to do all required config for elastic and kibana. Now, I have logstash installed in another host and communicating to logstash over the internet on HTTPs protocol. I tried every other possible solution to get logstash to connect to elastic but with no luck. Below are the settings I'm applying to elastic:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/myca-file

And have specified in kibana which is installed in the same host:

elasticsearch.ssl.verificationMode: none

Since the certificate is self-signed through a locally created CA.

Now for logstash I have tried using the same CA and Cert file in the configuration of logstash file and still face connectivity issue with this error:

[[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: signed fields invalid,
[Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2021-07-04 06:53:55.964 [LogStash::Runner] runner - Logstash shut down.

Another option I tried is to set SSL to true and then set verification mode to false which also didn't work:

Config:

            ssl => true
            ssl_certificate_verification => false

Error:

elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@WHATEVER:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@WHATEVER:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Your help to get the connection to work is much appreciated!

TimV · July 6, 2021, 3:14am

This suggests there's something wrong with your certificate itself.

What do you really have in this config? Is the file really named "myca-file" ?
What type of file is it?

system · August 3, 2021, 3:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.