Logstash and 'clientauth_mode: REQUIRE' option

Hello.

  • Search Guard and Elasticsearch version 6.4.0

elasticsearch.yml

searchguard.ssl.http.clientauth_mode: REQUIRE

Everything (curl, Kibana, Curator) works well with certs only (client certificate based authentication) but… not Logstash:

[2019-02-14T00:17:30,261][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash:xxxxxx@elasticsearch:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate"}

Logstash elasticsearch output plugin configuration:

output {
   elasticsearch {
      hosts => ["{{ template "elasticsearch.client.fullname" . }}.{{ .Release.Namespace }}:9200"]
      index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"
      template => "/usr/share/logstash/templates/template.json"
      template_name => "name-index-template"
      template_overwrite => true
      manage_template => true
      user => logstash
      password => logstash
      ssl => true
      ssl_certificate_verification => false
      cacert => "/usr/share/logstash/certificates/root-ca.pem"
   }
}

How can I specify logstash.pem and logstash.key certificates generated by search-guard-tlstool-1.6?

Thanks

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version: 6.4.0
  • Installed and used enterprise modules, if any: no
  • JVM version and operating system version: ubuntu
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Guess you need to configure "keystore" for elasticsearch output and provide your cert and key as .jks or .p12.


On 14.02.2019 at 02:07, Oleg T <oleg.trautvein@gmail.com> wrote:

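The keystore suggestion from the reply, written out as a Logstash output block. This is an added example, not configuration posted in the thread or shipped by Search Guard. The .p12 path, the key alias, the host value and the two environment variable names are assumptions; the template options from the original post are unchanged and omitted here.

```logstash
# Added example. First bundle the tlstool-generated PEM pair into PKCS#12
# (file locations and the alias "logstash" are assumptions):
#   openssl pkcs12 -export -in logstash.pem -inkey logstash.key \
#     -certfile root-ca.pem -name logstash -out logstash.p12
output {
   elasticsearch {
      # Host taken from the log line in the post; replace with your own.
      hosts => ["https://elasticsearch:9200"]
      index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"
      ssl => true

      # Client certificate and private key presented in the TLS handshake.
      # With searchguard.ssl.http.clientauth_mode: REQUIRE the node rejects
      # any HTTP client that does not present one.
      keystore => "/usr/share/logstash/certificates/logstash.p12"
      # Password chosen at export time, read from the environment
      # (hypothetical variable name) instead of being written in the file.
      keystore_password => "${LOGSTASH_KEYSTORE_PASS}"

      # Trust anchor for the server certificate. Verification is switched
      # back on so the root CA is actually checked; the node certificate
      # must then carry the host name used in "hosts".
      cacert => "/usr/share/logstash/certificates/root-ca.pem"
      ssl_certificate_verification => true

      # HTTP basic credentials as in the original post; the password is
      # read from a hypothetical environment variable.
      user => "logstash"
      password => "${LOGSTASH_ES_PASS}"
   }
}
```

The output plugin takes the client key pair only as a keystore file (.jks or .p12), which is why the PEM certificate and key have to be converted first.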