Unable to Connect Logstash with Elastic

iraed91 · July 4, 2021, 7:06am

Hi All!
I just enabled X-PACK on my elasticsearch and was able to do all required config for elastic and kibana. Now, I have logstash installed in another host and communicating to logstash over the internet on HTTPs protocol. I tried every other possible solution to get logstash to connect to elastic but with no luck. Below are the settings I'm applying to elastic:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/myca-file

And have specified in kibana which is installed in the same host:

elasticsearch.ssl.verificationMode: none

Since the certificate is self-signed through a locally created CA.

Now for logstash I have tried using the same CA and Cert file in the configuration of logstash file and still face connectivity issue with this error:

[[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: signed fields invalid,
[Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2021-07-04 06:53:55.964 [LogStash::Runner] runner - Logstash shut down.

Another option I tried is to set SSL to true and then set verification mode to false which also didn't work:

Config:

            ssl => true
            ssl_certificate_verification => false

Error:

elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@WHATEVER:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@WHATEVER:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Your help to get the connection to work is much appreciated!

TimV · July 6, 2021, 3:14am

This suggests there's something wrong with your certificate itself.

What do you really have in this config? Is the file really named "myca-file" ?
What type of file is it?

system · August 3, 2021, 3:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash enable ssl to connect ElasticSearch but cannot run logstash and get error Logstash	13	1301	April 30, 2020
Configuring x-pack for SSl communication betweeen elasticsearch and logstash Logstash	16	3767	July 13, 2017
Logstash can't establish pipeline with ssl Logstash elastic-stack-security	9	7936	August 20, 2019
Logstash to Elasticsearch over SSL Configuration Logstash	3	13072	November 16, 2017
Logstash started failing after making elasticsearch secure Logstash	1	239	June 11, 2021

Unable to Connect Logstash with Elastic

Related topics