Unable to connect to elasticsearch with x-pack

Sending Logstash logs to /home/elastic/logstash/logs which is now configured via log4j2.properties
[2019-01-24T12:50:23,035][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-01-24T12:50:23,066][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.4"}
[2019-01-24T12:50:28,551][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-01-24T12:50:28,804][WARN ][logstash.outputs.elasticsearch] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change :ssl_certificate_verification to true
[2019-01-24T12:50:29,209][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#LogStash::OutputDelegator:0x4a4f938b", :error=>"signed fields invalid", :thread=>"#<Thread:0x2c3c334b run>"}
[2019-01-24T12:50:29,220][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: signed fields invalid, :backtrace=>["sun.security.x509.X509CertImpl.parse(sun/security/x509/X509CertImpl.java:1791)", "sun.security.x509.X509CertImpl.(sun/security/x509/X509CertImpl.java:195)", "sun.security.provider.X509Factory.parseX509orPKCS7Cert(sun/security/provider/X509Factory.java:471)", "sun.security.provider.X509Factory.engineGenerateCertificates(sun/security/provider/X509Factory.java:356)", "java.security.cert.CertificateFactory.generateCertificates(java/security/cert/CertificateFactory.java:462)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:423)", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:290)", "home.elastic.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.manticore_minus_0_dot_6_dot_4_minus_java.lib.manticore.client.block in setup_trust_store(/home/elastic/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-ja

############ truncated the log intentionally because of size limit ##########

_core.lib.logstash.pipeline.block in start(/home/elastic/logstash/logstash-core/lib/logstash/pipeline.rb:160)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:289)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:246)", "java.lang.Thread.run(java/lang/Thread.java:748)"], :thread=>"#<Thread:0x2c3c334b run>"}
[2019-01-24T12:50:29,251][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2019-01-24T12:50:29,606][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Hi,

Please don't post unformatted logs like that as these tend to be very hard to read.

Instead, paste the text and format it with the </> icon, and check the preview
window to make sure it's properly formatted before posting it. This makes it
more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

This message:

[2019-01-24T12:50:29,209][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#LogStash::OutputDelegator:0x4a4f938b", :error=>"signed fields invalid", :thread=>"#<Thread:0x2c3c334b run>"}

seems to imply that there is a PKCS12 keystore that Logstash tries to read as though it's a PEM-encoded certificate. Please share the relevant section of your Elasticsearch output plugin.
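The diagnosis in the reply above can be checked before restarting Logstash by looking at the leading bytes of the file the output points at. This is an added example, not part of the thread or of Logstash itself: the names `classify` and `cacert_problem` are hypothetical, the sample byte strings are constructed, it assumes the file was supplied through the output's `cacert` option, and it also recognises JKS files, which the thread does not mention.

```python
import re
import sys
from pathlib import Path

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def der_header(data, pos=0):
    """Return (tag, content_offset, content_length) for the DER element at pos."""
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, pos + 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    return tag, pos + 2 + n, int.from_bytes(data[pos + 2:pos + 2 + n], "big")

def classify(data):
    """Guess the container format from the leading bytes only (no validation)."""
    pem = PEM_BLOCK.search(data)
    if pem:
        return "pem-certificate" if pem.group(1) == b"CERTIFICATE" else "pem-other"
    if data[:4] == b"\xfe\xed\xfe\xed":   # Java KeyStore magic number
        return "jks"
    try:
        tag, body, _ = der_header(data)
        inner_tag, inner_body, inner_len = der_header(data, body)
    except IndexError:                    # too short to hold two DER headers
        return "unknown"
    if tag == 0x30 and inner_tag == 0x30:  # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return "der-certificate"
    if tag == 0x30 and inner_tag == 0x02 and data[inner_body:inner_body + inner_len] == b"\x03":
        return "pkcs12"                   # PFX ::= SEQUENCE { version INTEGER (3) ...
    return "unknown"

def cacert_problem(data):
    """Return None if the bytes look like an X.509 certificate, else a reason."""
    kind = classify(data)
    if kind in ("pem-certificate", "der-certificate"):
        return None
    if kind in ("pkcs12", "jks"):
        return f"{kind} keystore: configure it as a keystore/truststore, or export the CA certificate to PEM"
    return f"{kind}: not an X.509 certificate"

# Constructed sample inputs: only the leading bytes matter to classify().
SAMPLE_P12 = bytes.fromhex("30820a0002010330820990")
SAMPLE_DER_CERT = bytes.fromhex("308203003082020a0203")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nTUlJ...\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "->", cacert_problem(Path(path).read_bytes()) or "looks like a certificate")
```

Run it with the certificate path from the Elasticsearch output as the argument; a `pkcs12 keystore` result matches the `CertificateParsingException: signed fields invalid` raised from `setup_trust_store` in the log.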
