Logstash and 'clientauth_mode: REQUIRE' option


Oleg T

Feb 13, 2019, 8:07:57 PM
to Search Guard Community Forum
Hello.

* Search Guard and Elasticsearch version 6.4.0


elasticsearch.yml
searchguard.ssl.http.clientauth_mode: REQUIRE

Everything (curl, Kibana, Curator) works well with certs only (client certificate based authentication), but not Logstash:

[2019-02-14T00:17:30,261][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash:xxxxxx@elasticsearch:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate"}

Logstash elasticsearch output plugin configuration:
   output {
       elasticsearch {
          hosts => ["{{ template "elasticsearch.client.fullname" . }}.{{ .Release.Namespace }}:9200"]
          index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"
          template => "/usr/share/logstash/templates/template.json"
          template_name => "name-index-template"
          template_overwrite => true
          manage_template => true
          user => logstash
          password => logstash
          ssl => true
          ssl_certificate_verification => false
          cacert => "/usr/share/logstash/certificates/root-ca.pem"
       }
   }

How can I specify logstash.pem and logstash.key certificates generated by search-guard-tlstool-1.6?

Thanks

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version: 6.4.0
* Installed and used enterprise modules, if any: no
* JVM version and operating system version: ubuntu
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

SG

Feb 17, 2019, 12:59:21 PM
to search...@googlegroups.com
guess you need to configure "keystore" for elasticsearch output and provide your cert and key as .jks or .p12
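The keystore approach suggested in the reply, worked through as an added example that is not part of the original thread: it checks that the PEM certificate and key belong together, packages them as a PKCS#12 file, and prints the matching `keystore` settings for the elasticsearch output. The file name `logstash.p12`, the alias `logstash`, and the environment variables `P12_PASS` and `KEY_PASS` are assumptions; certificate verification is left at its default (on) because `cacert` is supplied.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: logstash.p12, alias "logstash",
# env vars P12_PASS (keystore password) and KEY_PASS (key password, may be empty).
: "${KEY_PASS:=}"; export KEY_PASS

# Succeeds only if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin env:KEY_PASS 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_keystore CERT KEY CA OUT: write a PKCS#12 keystore and check that it opens.
make_keystore() {
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    ( umask 077   # the keystore contains the private key
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -name logstash \
          -passin env:KEY_PASS -passout env:P12_PASS -out "$4" ) || return 1
    # Re-open the file with the password to confirm it is readable.
    openssl pkcs12 -in "$4" -passin env:P12_PASS -noout 2>/dev/null
}

# logstash_output_snippet KEYSTORE CA: print the TLS settings for the
# elasticsearch output; the other options of the output stay as they are.
logstash_output_snippet() {
    cat <<EOF
output {
  elasticsearch {
    hosts => ["https://elasticsearch:9200"]
    ssl => true
    cacert => "$2"
    keystore => "$1"
    # Logstash resolves \${P12_PASS} from its own environment at startup
    keystore_password => "\${P12_PASS}"
  }
}
EOF
}

# Usage:
#   export P12_PASS='...'
#   make_keystore logstash.pem logstash.key root-ca.pem logstash.p12
#   logstash_output_snippet /usr/share/logstash/certificates/logstash.p12 \
#       /usr/share/logstash/certificates/root-ca.pem
```

A PKCS#12 file written with OpenSSL 3 defaults may not load on an older JVM; `openssl pkcs12 -export` has a `-legacy` option for that case.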
