Unable to Connect Logstash with Elastic

Hi All!
I just enabled X-PACK on my elasticsearch and was able to do all required config for elastic and kibana. Now, I have logstash installed in another host and communicating to logstash over the internet on HTTPs protocol. I tried every other possible solution to get logstash to connect to elastic but with no luck. Below are the settings I'm applying to elastic:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/myca-file
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/myca-file

And have specified in kibana which is installed in the same host:

elasticsearch.ssl.verificationMode: none

Since the certificate is self-signed through a locally created CA.

Now for logstash I have tried using the same CA and Cert file in the configuration of logstash file and still face connectivity issue with this error:

[[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: signed fields invalid,
[Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2021-07-04 06:53:55.964 [LogStash::Runner] runner - Logstash shut down.

Another option I tried is to set SSL to true and then set verification mode to false which also didn't work:

Config:

            ssl => true
            ssl_certificate_verification => false

Error:

elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@WHATEVER:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@WHATEVER:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Your help to get the connection to work is much appreciated!

This suggests there's something wrong with your certificate itself.

What do you really have in this config? Is the file really named "myca-file" ?
What type of file is it?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.