Hello,
I am trying to configure TLS communication across the whole ELK stack. I have already configured TLS between Logstash - Elasticsearch and Elasticsearch - Kibana. But when I try to configure secure communication between Filebeat and Logstash with the same certificate used before, it gives me errors and does not let me configure the secure communication.
I had two different errors. The first one is with the exact same certificate used in the Elasticsearch and Kibana communication:
[2019-03-20T09:33:13,469][ERROR][logstash.inputs.beats ] Looks like you either have a bad certificate, an invalid key or your private key was not in PKCS8 format.
[2019-03-20T09:33:13,548][WARN ][io.netty.channel.ChannelInitializer] Failed to initialize a channel. Closing: [id: 0xb5596e7e, L:/127.0.0.1:4088 - R:/127.0.0.1:48834]
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
And if I try to translate the key format to PKCS8, a new error occurs:
[2019-03-20T09:22:54,663][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:4088, remote: 0:0:0:0:0:0:0:1:52196] Handling exception: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
[2019-03-20T09:22:54,664][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Caused by: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:876) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1124) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
Which certificates do I need to correctly configure secure communication between Filebeat and Logstash?
I have included the configuration I used in Filebeat and Logstash in case I wrote something incorrect there:
logstash:
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => '/elastic/config/certs/tls.crt'
    ssl_certificate_authorities => ["/elastic/config/certs/ca.crt"]
    #ssl_key => '/elastic/config/certs/tls.p8'
    ssl_key => '/elastic/config/certs/tls.key'
  }
}
filebeat:
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/elastic/config/certs/ca.crt"]
# Certificate for SSL client authentication
ssl.certificate: "/elastic/config/certs/tls.crt"
# Client Certificate Key
#ssl.key: "/elastic/config/certs/tls.p8"
ssl.key: "/elastic/config/certs/tls.key"
If you need anything else please let me know.
Thanks
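
Added example, not part of the original post: the first error above ("algid parse error, not a sequence") is what a PKCS#8 parser reports when the element after the version INTEGER in the key's DER is not an AlgorithmIdentifier SEQUENCE. This Python script classifies a PEM private key by that layout rather than by file name or PEM label; the function names and the sample keys are constructed for illustration (key-shaped DER, not real key material).

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_key(pem_text):
    """Classify a private key by its DER layout, not by file name or PEM label."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    if "Proc-Type:" in m.group(2):         # legacy OpenSSL-encrypted PEM
        return "traditional-encrypted"
    der = base64.b64decode("".join(m.group(2).split()))
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:                        # outer element must be a SEQUENCE
        return "unknown"
    first, _, first_end = read_tlv(der, start)
    if first == 0x30:                      # EncryptedPrivateKeyInfo
        return "pkcs8-encrypted"
    second, _, _ = read_tlv(der, first_end)
    # PKCS#8 PrivateKeyInfo: version INTEGER, then AlgorithmIdentifier SEQUENCE.
    # A traditional key has an INTEGER (RSA/DSA) or OCTET STRING (EC) there,
    # which a PKCS#8 parser rejects as "not a sequence".
    return {0x30: "pkcs8", 0x02: "traditional-rsa-or-dsa",
            0x04: "sec1-ec"}.get(second, "unknown")

# --- Constructed sample data: key-shaped DER, not real key material ---
def tlv(tag, content):
    return bytes([tag, len(content)]) + content

def make_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption
PKCS1 = tlv(0x30, tlv(2, b"\x00") + tlv(2, b"\x00\xc1") + tlv(2, b"\x01\x00\x01"))
PKCS8 = tlv(0x30, tlv(2, b"\x00") + tlv(0x30, tlv(6, RSA_OID) + tlv(5, b"")) + tlv(4, PKCS1))

if __name__ == "__main__":
    print(classify_key(make_pem("RSA PRIVATE KEY", PKCS1)))
    print(classify_key(make_pem("PRIVATE KEY", PKCS8)))
    print(classify_key(make_pem("PRIVATE KEY", PKCS1)))   # relabelled, still not PKCS#8
```

To check a real file, pass its contents to `classify_key`; a key that is actually PKCS#8 returns `pkcs8` regardless of its extension.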