Winlogbeat SSL Server auth only

I have successfully implemented mutual authentication between Winlogbeat and Logstash. However, due to the logistics of exporting certificates to all Windows machines that will be sending logs, I would like to set up server authentication only. I have removed ssl_verify_mode from the server and removed the client certificates from Winlogbeat, but the server is rejecting the connection with the error "Peer did not return a certificate." Is there something more I need to do?

Server setup:

beats {
    port => 5045
    type => "wineventlog"
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/rootca.cer", "/etc/logstash/SubordinateCA.cer"]
    ssl_certificate => "/etc/certs/vplogstashcert.pem"
    ssl_key => "/etc/certs/vplogstashkey.pem"
}

Client Setup:

output.logstash:
  hosts: ["servername.domain.com:5045"]
  ssl.enabled: true
  ssl.verification_mode: full

Try removing ssl_certificate_authorities from Logstash. That setting only has meaning when verifying client certificates.

That's it! Thank you!
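
The behaviour behind the accepted answer can be reproduced locally. This is an added example, not part of the original thread and not Logstash itself: `openssl s_server` stands in for the beats listener, `-Verify` is assumed to play the role of a listener that demands a client certificate, and the ports, temporary paths and self-signed certificate are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: `openssl s_server` stands in for the Logstash beats listener.
# Everything here (ports, paths, certificate) is constructed for the demo.
WORK=$(mktemp -d)

make_server_cert() {
  # Constructed self-signed certificate, playing the role of vplogstashcert.pem.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# try_client PORT [s_server options...]
# Starts a listener, connects with a client that has NO certificate but does
# verify the server, then prints "accepted" or "rejected".
try_client() {
  local port=$1 pid verdict; shift
  # -www answers with a status page so the server never waits on stdin.
  openssl s_server -accept "$port" -www -cert "$WORK/cert.pem" \
    -key "$WORK/key.pem" "$@" >"$WORK/server.log" 2>&1 &
  pid=$!
  sleep 1
  # -tls1_2: a missing client certificate then fails the handshake itself;
  # under TLS 1.3 the alert only arrives after the client thinks it is done.
  if openssl s_client -connect "127.0.0.1:$port" -tls1_2 \
       -CAfile "$WORK/cert.pem" -verify_return_error \
       </dev/null >"$WORK/client.log" 2>&1; then
    verdict=accepted
  else
    verdict=rejected
  fi
  kill "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true
  # Show the server's stated reason, if any, on stderr for the reader.
  grep -i "did not return a certificate" "$WORK/server.log" >&2 || true
  echo "$verdict"
}

make_server_cert
echo "server auth only:     $(try_client 15045)"
echo "client cert demanded: $(try_client 15046 -Verify 1 -CAfile "$WORK/cert.pem")"
```

In both runs the client still validates the server certificate against its trusted CA file, which is what `ssl.verification_mode: full` asks of Winlogbeat; only the server's demand for a client certificate differs.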
