I'm new to ELK Stack so I'm not sure if this issue is actually with Winlogbeat itself or with Logstash. Here is what is happening:
I have an ELK stack server running on CentOS 7 in pretty much a default configuration. In my environment I have a private Root and Intermediate CA setup so I used the Intermediate to sign the certificate being used for TLS by Logstash.
The Root and Intermediate CA have SHA2-512 signatures with ECC public keys. OpenSSL identifies the signature algorithm as "sha512WithRSAEncryption" and the public key algorithm as "id-ecPublicKey".
I am configuring Winlogbeat on a WIndows 2012R2 server in this environment. I can access Kibana on the Windows server via HTTPS and TLS works fine. (Naturally the certificates for the Intermediate and Roots have to installed on the HTTPS client for it to trust them.) However Winglogbeat fails to connect if TLS is enabled and insecure: true" is disabled under output\logstash\tls. It will connect if I comment this out.
The error in the log is :
ERR SSL client failed to connect with: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "Intermediate CA")
The only reference to this on these forums is for a certificate using the deprecated MD5 algorithm, which is not the case here. However some research suggests the problem may be the opposite, that GoLang does not have the SHA2-512 libraries included by default. Specifically this blog post suggests "crypto/sha512" needs to be imported: http://bridge.grumpy-troll.org/2014/05/golang-tls-comodo/
Unfortunately my Linux fu is not nearly strong enough to know where/how/if I can make such a change myself. I'd appreciate any input on this that will help me resolve the issue.