Winlogbeat SSL Server auth only

albbapm · February 15, 2018, 8:31pm

I have successfully implemented mutual authentication between winlogbeat and logstash. However, due to the logistics of exporting certificates to all windows machines that will be sending logs, I would like to set up server authentication only. I have removed ssl_verify_mode from the server and removed the client certificates from winlogbeat but the server is rejecting the connection with the error "Peer did not return a certificate." Is there something more I need to do?

Server setup:

beats {
	    port => 5045
	    type => "wineventlog"
        ssl => true
        ssl_certificate_authorities => ["/etc/logstash/rootca.cer", "/etc/logstash/SubordinateCA.cer"]
        ssl_certificate => "/etc/certs/vplogstashcert.pem"
        ssl_key => "/etc/certs/vplogstashkey.pem"
        }

Client Setup:

output.logstash:
hosts: ["servername.domain.com:5045"]
ssl.enabled: true
ssl.verification_mode: full

andrewkroh · February 15, 2018, 8:43pm

Try removing ssl_certificate_authorities from Logstash. That setting is only has meaning when verifying client certificates.

albbapm · February 15, 2018, 9:00pm

That's it! Thank you!

system · March 15, 2018, 9:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
WinLogBeat - Windows Certificate Store Beats winlogbeat	5	1367	November 18, 2020
Winlogbeats not working with SSL configuration to Logstash Beats winlogbeat	18	6318	May 2, 2018
Beats SSL question Beats	10	1642	July 5, 2017
Winlogbeat to Logstash over SSL Logstash	12	268	February 13, 2023
Winlogbeat TLS Connection to Logstash Beats winlogbeat	14	8992	April 12, 2016

Winlogbeat SSL Server auth only

Related topics