Winlogbeat SSL Server auth only


#1

I have successfully implemented mutual authentication between Winlogbeat and Logstash. However, due to the logistics of exporting certificates to all Windows machines that will be sending logs, I would like to set up server authentication only. I have removed ssl_verify_mode from the server and removed the client certificates from Winlogbeat, but the server is rejecting the connection with the error "Peer did not return a certificate." Is there something more I need to do?

Server setup:

beats {
    port => 5045
    type => "wineventlog"
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/rootca.cer", "/etc/logstash/SubordinateCA.cer"]
    ssl_certificate => "/etc/certs/vplogstashcert.pem"
    ssl_key => "/etc/certs/vplogstashkey.pem"
}

Client Setup:

output.logstash:
  hosts: ["servername.domain.com:5045"]
  ssl.enabled: true
  ssl.verification_mode: full

(Andrew Kroh) #2

Try removing ssl_certificate_authorities from Logstash. That setting only has meaning when verifying client certificates.
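
An added example, not part of the original replies: a small audit script that reads a Logstash pipeline and reports, for each beats input, whether it will demand client certificates. The helper names (`tls_mode`, `audit`) are hypothetical, and the rule that a CA list alone triggers client-certificate checking is taken from the behaviour reported in this thread, so treat it as an assumption for other plugin versions.

```python
import re

# Constructed sample: the beats input from the question, wrapped in input { }.
SAMPLE = """
input {
  beats {
    port => 5045
    type => "wineventlog"
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/rootca.cer", "/etc/logstash/SubordinateCA.cer"]
    ssl_certificate => "/etc/certs/vplogstashcert.pem"
    ssl_key => "/etc/certs/vplogstashkey.pem"
  }
}
"""

BLOCK = re.compile(r"\bbeats\s*\{([^{}]*)\}")
# "key => value" at the start of a line; commented-out lines (#) do not match.
SETTING = re.compile(r"^[ \t]*(\w+)[ \t]*=>[ \t]*(.+?)[ \t]*$", re.M)

def tls_mode(settings):
    """Classify one beats input (hypothetical helper, not a Logstash API)."""
    if settings.get("ssl", "false").lower() != "true":
        return "plaintext"
    verify = settings.get("ssl_verify_mode", "").lower()
    if verify == "force_peer":
        return "client-cert-required"
    if verify == "peer":
        return "client-cert-optional"
    # Assumption from this thread: a CA list alone made the input reject
    # clients with "Peer did not return a certificate".
    if "ssl_certificate_authorities" in settings:
        return "client-cert-required"
    return "server-auth-only"

def audit(pipeline):
    """Return [(port, mode)] for every beats { } block in a pipeline string."""
    results = []
    for block in BLOCK.finditer(pipeline):
        settings = {k: v.strip("\"'") for k, v in SETTING.findall(block.group(1))}
        results.append((settings.get("port", "?"), tls_mode(settings)))
    return results

# The answer's fix: drop the CA list from the input.
FIXED = re.sub(r"^.*ssl_certificate_authorities.*\n", "", SAMPLE, flags=re.M)

if __name__ == "__main__":
    print("as posted:", audit(SAMPLE))
    print("after fix:", audit(FIXED))
```

With server authentication only, the trust decision moves entirely to the client: Winlogbeat must be able to validate the Logstash certificate chain, and anything that can reach the port can submit events.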


#3

That's it! Thank you!

