Hello.
* Search Guard and Elasticsearch version 6.4.0
elasticsearch.yml
searchguard.ssl.http.clientauth_mode: REQUIRE
Everything (curl, kibana, curator) works good with certs only (Client certificate based authentication) but... not Logstash:
[2019-02-14T00:17:30,261][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash:xxxxxx@elasticsearch:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate"}
Logstash elasticsearch output plugin configuration:
output {
elasticsearch {
hosts => ["{{ template "elasticsearch.client.fullname" . }}.{{ .Release.Namespace }}:9200"]
index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"
template => "/usr/share/logstash/templates/template.json"
template_name => "name-index-template"
template_overwrite => true
manage_template => true
user => logstash
password => logstash
ssl => true
ssl_certificate_verification => false
cacert => "/usr/share/logstash/certificates/root-ca.pem"
}
}
How can I specify logstash.pem and logstash.key certificates generated by search-guard-tlstool-1.6?
Thanks
When asking questions, please provide the following information:
* Search Guard and Elasticsearch version 6.4.0
* Installed and used enterprise modules, if any no
* JVM version and operating system version ubuntu
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any