Logstash and 'clientauth_mode: REQUIRE ' option

trautw · February 14, 2019, 1:07am

Hello.

Search Guard and Elasticsearch version 6.4.0

elasticsearch.yml

searchguard.ssl.http.clientauth_mode: REQUIRE

Everything (curl, kibana, curator) works good with certs only (Client certificate based authentication) but… not Logstash:

[2019-02-14T00:17:30,261][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“https://logstash:xxxxxx@elasticsearch:9200/”, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>“Elasticsearch Unreachable: [https://logstash:xxxxxx@elasticsearch:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate”}

Logstash elasticsearch output plugin configuration:

output {

   elasticsearch {

      hosts => ["{{ template "elasticsearch.client.fullname" . }}.{{ .Release.Namespace }}:9200"]

      index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"

      template => "/usr/share/logstash/templates/template.json"

      template_name => "name-index-template"

      template_overwrite => true

      manage_template => true

      user => logstash

      password => logstash

      ssl => true

      ssl_certificate_verification => false

      cacert => "/usr/share/logstash/certificates/root-ca.pem"

   }

}

How can I specify logstash.pem and logstash.key certificates generated by search-guard-tlstool-1.6?

Thanks

When asking questions, please provide the following information:

Search Guard and Elasticsearch version 6.4.0
Installed and used enterprise modules, if any no
JVM version and operating system version ubuntu
Search Guard configuration files
Elasticsearch log messages on debug level
Other installed Elasticsearch or Kibana plugins, if any

searchguard_google_group · February 17, 2019, 5:59pm

guess you need to configure "keystore" for elasticsearch output and provide your cert and key as .jks or .p12

···

Am 14.02.2019 um 02:07 schrieb Oleg T <oleg.trautvein@gmail.com>:

Hello.

* Search Guard and Elasticsearch version 6.4.0

elasticsearch.yml
searchguard.ssl.http.clientauth_mode: REQUIRE

Everything (curl, kibana, curator) works good with certs only (Client certificate based authentication) but... not Logstash:

[2019-02-14T00:17:30,261][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash:xxxxxx@elasticsearch:9200/][Manticore::ClientProtocolException] Received fatal alert: bad_certificate"}

Logstash elasticsearch output plugin configuration:
   output {
       elasticsearch {
          hosts => ["{{ template "elasticsearch.client.fullname" . }}.{{ .Release.Namespace }}:9200"]
          index => "%{[@metadata][index_name]}-%{+yyyy.MM.dd}"
          template => "/usr/share/logstash/templates/template.json"
          template_name => "name-index-template"
          template_overwrite => true
          manage_template => true
          user => logstash
          password => logstash
          ssl => true
          ssl_certificate_verification => false
          cacert => "/usr/share/logstash/certificates/root-ca.pem"
       }
    }

How can I specify logstash.pem and logstash.key certificates generated by search-guard-tlstool-1.6?

Thanks

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version 6.4.0
* Installed and used enterprise modules, if any no
* JVM version and operating system version ubuntu
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c4c20361-a54f-4448-8143-95d5b8ccc281%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

Topic		Replies	Views
Trouble with elasticsearch-filter-plugin Search Guard	2	2281	September 11, 2017
Logstash can't connect to logstash Search Guard	3	961	April 19, 2018
Tls-tool-1.8 - updating certs Search Guard	7	835	November 19, 2020
Logstash is not able to input data to elasticsearch Search Guard	2	1744	April 19, 2018
SSL Connection Problem between Logstash and ElasticSearch with SearchGuard Search Guard	5	692	March 16, 2018

Logstash and 'clientauth_mode: REQUIRE ' option

Related Topics