Valid certificate from filebeat to logstash

Hello,

I am trying to configure TLS communication across the whole ELK stack. I have already configured TLS between Logstash and Elasticsearch and between Elasticsearch and Kibana. But when I try to configure secure communication between Filebeat and Logstash with the same certificate used before, it gives me errors and does not let me configure the secure communication.

I had two different errors. The first one is with the exact same certificate used in the Elasticsearch and Kibana communication:

    [2019-03-20T09:33:13,469][ERROR][logstash.inputs.beats ] Looks like you either have a bad certificate, an invalid key or your private key was not in PKCS8 format.

    [2019-03-20T09:33:13,548][WARN ][io.netty.channel.ChannelInitializer] Failed to initialize a channel. Closing: [id: 0xb5596e7e, L:/127.0.0.1:4088 - R:/127.0.0.1:48834]

    Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked

    Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence

    Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence 

And if I try to convert the key to PKCS8 format, a new error occurs:

    [2019-03-20T09:22:54,663][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:4088, remote: 0:0:0:0:0:0:0:1:52196] Handling exception: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
    [2019-03-20T09:22:54,664][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
            at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
    Caused by: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
            at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:876) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
            at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1124) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]

Which certificates do I need to correctly configure secure communication between Filebeat and Logstash?

I have included the configuration I used in Filebeat and Logstash in case I wrote something incorrect there:

logstash:

    input {
      beats {
        port => 5044
        ssl => true
        ssl_certificate => '/elastic/config/certs/tls.crt'
        ssl_certificate_authorities => ["/elastic/config/certs/ca.crt"]
        #ssl_key => '/elastic/config/certs/tls.p8'
        ssl_key => '/elastic/config/certs/tls.key'
      }
    }

filebeat:

    # Optional SSL. By default is off.
      # List of root certificates for HTTPS server verifications
      ssl.certificate_authorities: ["/elastic/config/certs/ca.crt"]

      # Certificate for SSL client authentication
      ssl.certificate: "/elastic/config/certs/tls.crt"

      # Client Certificate Key
      #ssl.key: "/elastic/config/certs/tls.p8"
      ssl.key: "/elastic/config/certs/tls.key"

If you need anything else please let me know.

Thanks
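The "algid parse error, not a sequence" in the first log is what a PKCS#8 parser reports when the element after the version INTEGER is not an AlgorithmIdentifier SEQUENCE, which is the case for a PKCS#1 (`BEGIN RSA PRIVATE KEY`) file. The sketch below is an added example, not part of the original post or of any Elastic code: it classifies a PEM private key by that ASN.1 shape, and its function names and stub "keys" are constructed for illustration.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_key(pem_text):
    """Name the private-key container by its ASN.1 shape, not its filename."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    if "Proc-Type:" in m.group(2):
        return "legacy-encrypted"       # OpenSSL traditional encrypted PEM
    der = base64.b64decode("".join(m.group(2).split()))
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first, _, first_end = read_tlv(der, start)
    if first == 0x30:
        return "pkcs8-encrypted"        # EncryptedPrivateKeyInfo starts with an algid
    second, _, _ = read_tlv(der, first_end)
    # After the version INTEGER, PKCS#8 carries an AlgorithmIdentifier SEQUENCE;
    # PKCS#1 has the modulus INTEGER there, SEC1 has the key OCTET STRING.
    return {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}.get(second, "unknown")

# --- constructed stubs: correct structure only, not usable keys ---
def der_tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the stubs

def to_pem(label, der):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

PKCS1_STUB = der_tlv(0x30, der_tlv(0x02, b"\x00") + der_tlv(0x02, b"\x00\xc3\x55"))
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
PKCS8_STUB = der_tlv(0x30, der_tlv(0x02, b"\x00")
                     + der_tlv(0x30, der_tlv(0x06, RSA_OID) + der_tlv(0x05, b""))
                     + der_tlv(0x04, PKCS1_STUB))

if __name__ == "__main__":
    print(classify_key(to_pem("RSA PRIVATE KEY", PKCS1_STUB)))
    print(classify_key(to_pem("PRIVATE KEY", PKCS8_STUB)))
```

A `pkcs1-rsa` or `sec1-ec` result corresponds to the first error; `pkcs8` is the format that log message asks for.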
