Use ssl/tls between Filebeat and Logstash problems

Dears,

When I created the certs for Filebeat:

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --pem --ca-cert /etc/elasticsearch/certs/ca.crt --ca-key /etc/elasticsearch/certs/ca.key --in /tmp/filebeats.yml --out /tmp/certs/filebeats.zip

Then filebeat cannot connect to Logstash:

ERROR   [publisher_pipeline_output]     pipeline/output.go:155  Failed to connect to backoff(async(tcp://elk-node-01:5044)): dial tcp 10.0.10.11:5044: connect: connection refused

filebeat.yml:

output.logstash:

  hosts: ["elk-node-01:5044", "elk-node-02:5044", "elk-node-03:5044"]
  loadbalance: true

  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  ssl.certificate: "/etc/filebeat/certs/client.crt"
  ssl.key: "/etc/filebeat/certs/client.key"

In the Logstash configuration there are certs used for communication between ELK nodes.
The Logstash conf looks like:

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_certificate => "/etc/logstash/certs/elk-node-01.crt"
    ssl_key => "/etc/logstash/certs/elk-node-01.key"
    ssl_verify_mode => "force_peer"
  }
}

Logstash shows this error:

elk-node-01 logstash: [2020-07-17T12:26:27,320][ERROR][logstash.javapipeline    ][main] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException: 
File does not contain valid private key: /etc/logstash/certs/elk-node-01.key, :backtrace=>["io.netty.handler.ssl.SslContextBuilder.keyManager(io/netty/handler/ssl/SslContextBuilder.java:270)", "io.netty.handler.ssl.SslContextBuilder.forServer(io/netty/handler/ssl/SslContextBuilder.java:90)", "org.logstash.netty.SslContextBuilder.buildContext(org/logstash/netty/SslContextBuilder.java:104)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)

Do you have any idea what is wrong?

Many Thanks.

Regards,
Dan

I found the solution. The file with the private key has to be converted to certificate pkcs8. It can be done with the openssl tool.
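
The conversion described in the reply above, as an added example that is not part of the original thread: it classifies a PEM key by its header line (`BEGIN RSA PRIVATE KEY` is PKCS#1, `BEGIN PRIVATE KEY` is PKCS#8) and writes an unencrypted PKCS#8 copy with `openssl pkcs8`. The function names and the output path are hypothetical; the key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example (not from the thread): check a PEM private key's format and
# write an unencrypted PKCS#8 copy for use as ssl_key in the beats input.

# Classify a PEM private key by its header line.
key_format() {
    case "$(grep -m1 -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null)" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# Convert key $1 into an unencrypted PKCS#8 file $2 (hypothetical output path).
to_pkcs8() {
    case "$(key_format "$1")" in
        pkcs8)
            cp -p "$1" "$2" ;;                   # already PKCS#8, keep mode and owner
        pkcs1-rsa|sec1-ec)
            # umask 077 so a newly created key file is readable by its owner only
            ( umask 077
              openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2" ) ;;
        *)
            echo "unsupported or unreadable key: $1" >&2
            return 1 ;;
    esac || return 1
    # Confirm the result before pointing ssl_key at it.
    [ "$(key_format "$2")" = pkcs8 ]
}

# Stand-alone use: sh <this script> <input key> <output key>
if [ "$#" -eq 2 ]; then
    to_pkcs8 "$1" "$2"
fi
```

After converting `/etc/logstash/certs/elk-node-01.key`, point `ssl_key` at the new file and make sure the account Logstash runs as can read it.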
