Winlogbeat is not accpeting .crt and .key

Rahul_Dankhara · September 5, 2020, 3:01pm

I am using .crt and .key for authentication of filebeat with logstash. Which is working perfectly fine.

I am using the same certificates for winlogbeat and it is not working as expected.

Followed this doc to create .ca and .crt. It is working fine for the complete cluster encryption but the only winlogbeat is the issue. https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash

output.logstash:
  enabled: true
  hosts: ["aws-elb:5042"]
  ssl.certificate_authorities: C:\Program Files\winlogbeat\SSL\ca.crt
  ssl.certificate: C:\Program Files\winlogbeat\SSL\ca.crt
  ssl.key: C:\Program Files\winlogbeat\SSL\ca.key`

PFB Error:
`PS C:\Program Files\winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e                                                                                                                                                          2020-09-05T20:26:06.928+0530    INFO    instance/beat.go:647    Home path: [C:\Program Files\winlogbeat] Config path: [C:\Program Files\winlogbeat] Data path: [C:\Program Files\winlogbeat\data] Logs path: [C:\Program Files\winlogbeat\logs]
2020-09-05T20:26:06.929+0530    INFO    instance/beat.go:655    Beat ID: 645486f7-e240-41bf-afb7-b6e498cfbb51
2020-09-05T20:26:06.980+0530    INFO    [add_cloud_metadata]    add_cloud_metadata/add_cloud_metadata.go:89     add_cloud_metadata: hosting provider type not detected.
2020-09-05T20:26:06.974+0530    INFO    [beat]  instance/beat.go:983    Beat info       {"system_info": {"beat": {"path": {"config": "C:\\Program Files\\winlogbeat", "data": "C:\\Program Files\\winlogbeat\\data", "home": "C:\\Program Files\\winlogbeat", "logs": "C:\\Program Files\\winlogbeat\\logs"}, "type": "winlogbeat", "uuid": "645486f7-e240-41bf-afb7-b6e498cfbb51"}}}
2020-09-05T20:26:06.980+0530    INFO    [beat]  instance/beat.go:992    Build info      {"system_info": {"build": {"commit": "94f7632be5d56a7928595da79f4b829ffe123744", "libbeat": "7.8.1", "time": "2020-07-21T15:24:38.000Z", "version": "7.8.1"}}}
2020-09-05T20:26:06.980+0530    INFO    [beat]  instance/beat.go:995    Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":8,"version":"go1.13.10"}}}
2020-09-05T20:26:07.005+0530    INFO    [beat]  instance/beat.go:999    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-09-04T10:07:44.23+05:30","name":"Rahul-Laptop","ip":["fe80::85fc:6009:4c07:653/64","169.254.6.83/16","fe80::8c33:f8c:9a59:28a8/64","169.254.40.168/16","fe80::b44f:1690:20fe:93ea/64","169.254.147.234/16","fe80::61:4ee7:64b4:87fb/64","192.168.239.1/24","fe80::3d99:9b16:e7f6:5495/64","192.168.13.1/24","2405:201:200c:983b:7d21:50b0:560:b187/64","2405:201:200c:983b:b8df:3113:b588:783b/128","fe80::7d21:50b0:560:b187/64","192.168.29.108/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.18362.1016 (WinBuild.160101.0800)","mac":["8c:ec:4b:26:9f:ec","9e:30:5b:74:30:85","ae:30:5b:74:30:85","00:50:56:c0:00:01","00:50:56:c0:00:08","9c:30:5b:74:30:85"],"os":{"family":"windows","platform":"windows","name":"Windows 10 Home Single Language","version":"10.0","major":10,"minor":0,"patch":0,"build":"18363.1016"},"timezone":"IST","timezone_offset_sec":19800,"id":"0d277410-8e8c-4a5e-ba5c-5dff5a31e7f0"}}}
2020-09-05T20:26:07.006+0530    INFO    [beat]  instance/beat.go:1028   Process info    {"system_info": {"process": {"cwd": "C:\\Program Files\\winlogbeat", "exe": "C:\\Program Files\\winlogbeat\\winlogbeat.exe", "name": "winlogbeat.exe", "pid": 11148, "ppid": 16208, "start_time": "2020-09-05T20:26:06.842+0530"}}}
2020-09-05T20:26:07.007+0530    INFO    instance/beat.go:310    Setup Beat: winlogbeat; Version: 7.8.1
2020-09-05T20:26:07.007+0530    ERROR   [tls]   tlscommon/tls.go:55     Failed reading certificate file C:\Program Files\winlogbeat\SSL\ca.crt: no pem file
2020-09-05T20:26:07.007+0530    ERROR   [tls]   tlscommon/tls.go:156    Failed to add CA to the cert pool, CA is not a valid PEM file
2020-09-05T20:26:07.007+0530    ERROR   instance/beat.go:958    Exiting: error initializing publisher: 2 errors: no pem file C:\Program Files\winlogbeat\SSL\ca.crt; file is not a certificate adding C:\Program Files\winlogbeat\SSL\ca.crt to the list of known CAs
Exiting: error initializing publisher: 2 errors: no pem file C:\Program Files\winlogbeat\SSL\ca.crt; file is not a certificate adding C:\Program Files\winlogbeat\SSL\ca.crt to the list of known CAs

system · October 3, 2020, 5:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeats not working with SSL configuration to Logstash Beats winlogbeat	18	6311	May 2, 2018
Windows beats and Logstash Beats winlogbeat	2	883	April 3, 2018
Logstash / Beats Encryption Error Logstash	1	175	September 1, 2023
Winlogbeat to Logstash over SSL Logstash	12	267	February 13, 2023
Secure filebeat to logstash Beats filebeat	22	1939	August 27, 2020

Winlogbeat is not accpeting .crt and .key

Related Topics