Beats configuration for using SSL

I am new to Searchguard and trying to get the whole system running with it. I have been able to use SSL for the Elastic nodes, Kibana and Logstash, but I am having a really tough time finding any help on Beats.
I have Beats running in 2 ways:

  1. Going through Logstash
  2. Pushing docs directly to Elastic nodes

How do I configure Beats to use the SSL channels in either case? Please give me some lead.

Hi Rajeev,

Logstash.config

input {
  beats {
    port => 5043
    ssl => true
    ssl_certificate_authorities => ["D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"]
    ssl_certificate => "D:/Softwares/ELK/ELK_SSL_Certificates/server/cert.pem"
    ssl_key => "D:/Softwares/ELK/ELK_SSL_Certificates/server/pkcs8.key"
    ssl_verify_mode => "force_peer"
  }
}

filebeat.yml

output.logstash:
  hosts: ["localhost:5043"]

  # Optional SSL. By default it is off.
  ssl.enabled: true

  # List of root certificates for HTTPS server verification
  ssl.certificate_authorities: ["D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"]

  # Certificate for SSL client authentication
  ssl.certificate: "D:/Softwares/ELK/ELK_SSL_Certificates/client/cert.pem"

  # Client certificate key
  ssl.key: "D:/Softwares/ELK/ELK_SSL_Certificates/client/pkcs8.key"

Try this. It worked for me.
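An added check to go with the configuration above (this script is not from the thread or from Search Guard): it builds a throwaway CA plus server and client certificates in the same testca/server/client layout, then verifies the properties that the Logstash force_peer setting and Filebeat's ssl.* settings rely on. It assumes the openssl CLI is on PATH; the ROOT directory is a constructed stand-in for the D:/Softwares/ELK/ELK_SSL_Certificates path.

```shell
#!/bin/sh
# Added example (not from the thread): build a throwaway CA plus Logstash
# server and Filebeat client certificates in the directory layout the reply
# above uses, then check what "ssl_verify_mode => force_peer" and Filebeat's
# ssl.* settings depend on: each leaf cert chains to cacert.pem, each key
# matches its cert, and the keys are PKCS#8 ("BEGIN PRIVATE KEY"), which the
# Logstash beats input requires. Assumes the openssl CLI is on PATH.
set -eu

# Hypothetical stand-in for D:/Softwares/ELK/ELK_SSL_Certificates.
ROOT="${1:-$(mktemp -d)}"

# Issue a leaf certificate into $ROOT/$1 with CN $2 and SAN $3, signed by the test CA.
issue_cert() {
    dir="$ROOT/$1"; mkdir -p "$dir"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$dir/key.pem" -out "$dir/req.csr" 2>/dev/null
    printf 'subjectAltName=%s\n' "$3" > "$dir/san.cnf"
    openssl x509 -req -in "$dir/req.csr" -CA "$ROOT/testca/cacert.pem" \
        -CAkey "$ROOT/testca/cakey.pem" -CAcreateserial -days 1 \
        -extfile "$dir/san.cnf" -out "$dir/cert.pem" 2>/dev/null
    # The beats input only accepts PKCS#8 keys, hence the explicit conversion.
    openssl pkcs8 -topk8 -nocrypt -in "$dir/key.pem" -out "$dir/pkcs8.key"
}

make_test_pki() {
    mkdir -p "$ROOT/testca"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=testca" \
        -keyout "$ROOT/testca/cakey.pem" -out "$ROOT/testca/cacert.pem" 2>/dev/null
    # The server SAN must match the name Filebeat dials (hosts: ["localhost:5043"]).
    issue_cert server logstash DNS:localhost
    issue_cert client filebeat DNS:filebeat
}

# Succeed only if $ROOT/$1/cert.pem chains to the CA, its key is PKCS#8,
# and the key's public half matches the certificate.
check_pair() {
    dir="$ROOT/$1"
    openssl verify -CAfile "$ROOT/testca/cacert.pem" "$dir/cert.pem" >/dev/null 2>&1 || return 1
    grep -q 'BEGIN PRIVATE KEY' "$dir/pkcs8.key" || return 1
    cert_pub=$(openssl x509 -noout -pubkey -in "$dir/cert.pem")
    key_pub=$(openssl pkey -pubout -in "$dir/pkcs8.key")
    [ "$cert_pub" = "$key_pub" ]
}

make_test_pki
check_pair server && check_pair client && echo "mTLS material for Logstash/Filebeat OK under $ROOT"
```

Point ssl_certificate_authorities and ssl.certificate_authorities at testca/cacert.pem and the server/client pairs at the generated cert.pem and pkcs8.key files; a pair that fails check_pair will also fail the Beats-to-Logstash handshake.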

And also Rajeev,

I am trying to set up SSL communication in ELK using Searchguard. I have used JKS files for securing the communication. I want to use OpenSSL certificates. Can you please help me with how to achieve it?

I am really stuck with this.

What do you mean by OpenSSL certificates? JKS is just a container format; all your certificates are stored in there. In fact, our demo certificates are generated with OpenSSL, so I don't really understand the question. Can you elaborate?


On Tuesday, July 4, 2017 at 8:39:51 AM UTC+2, vinod hy wrote:


Hi Jochen,

I have 2 questions here:

  1. I have generated OpenSSL certificates separately using openssl commands. I want to use them. How can I use them?

  2. And w.r.t. sgadmin.bat, what is the significance of running this command? The parameters taken by this command are similar to what I have configured in elasticsearch.yml.

elasticsearch.yml

searchguard.authcz.admin_dn:
  - CN=sgadmin
searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.transport.keystore_password: 02d9b43a58d6e1060368
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: c0659bb0b83d0afae81e

sgadmin command

sgadmin.bat -cd …\sgconfig -ts D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks -tspass c0659bb0b83d0afae81e -ks D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks -kspass 02d9b43a58d6e1060368 -nhnv -h AAEINBLR02717D

Why are we running this command, when the configuration and the command inputs are the same?

Please, you really need to read the documentation! There's a whole chapter on sgadmin, what it does and how to use it:

Here’s a post about OpenSSL and keytool:


On Tuesday, July 4, 2017 at 10:48:51 AM UTC+2, vinod hy wrote:


Thanks Vinod! I will try these configs.
As pointed out by @Jochen Kressin, please do go through the documentation to generate the certificates. That's what I have been following to secure the stack in my case.
Specifically for the certificates, there is an online infrastructure set up: Certificate Generator


On Tuesday, July 4, 2017 at 12:07:22 PM UTC+5:30, vinod hy wrote:


Hi Rajeev,

Have you solved this issue? Because I am really having a tough time finding this on the Internet.

Thanks


On Tuesday, July 4, 2017 at 11:00:25 AM UTC+7, Rajeev Ranjan wrote:
