Metric Beat Search Guard Elastic Question

Hi all,

i have elastic search 6.1.2

Metricbeat 6.1.2 as well

i am trying to send data from metricbeat => elastic coordinator

I am stuck in the certificates loop in metricbeat

output.elasticsearch:

Array of hosts to connect to.

hosts: [“10.16.11.172:9200”]

index: “metricbeat-ocean-qa-%{[beat.version]}-%{+yyyy.MM.dd}”

Optional protocol and basic auth credentials.

protocol: “https”

username: “admin”

password: “admin”

ssl.certificate_authorities: ["/etc/metricbeat/root-ca.pem"]

ssl.certificate: "/etc/metricbeat/esnode.pem"

ssl.key: "/etc/metricbeat/key.pem"

I tool the root-ca.pem from coordinator and placed it in metricbeat server

Similarly esnode.pem, key.pem

Now, after doing this, i get error

2018-03-01T18:21:12Z INFO Loading of config files completed.

2018-03-01T18:21:14Z ERR Failed to connect: Get https://10.16.11.172:9200: x509: certificate is valid for 127.0.0.1, not 10.16.11.172

2018-03-01T18:21:16Z ERR Failed to connect: Get https://10.16.11.172:9200: x509: certificate is valid for 127.0.0.1, not 10.16.11.172

I can clearly see 2 things

a. The certificates are wrong, and i am not sure how to fix this

b. Is there any option to bypass certificates check ?

You’re trying to present metricbeat as an Elasticsearch node with that certificate.
Beats don’t need a certificate unless you want them to, in which case you’ll need to make a client certificate.

Else they’re just considered to be any regular user so connecting over https to your elasticsearch cluster will be enough.

···

On Thursday, March 1, 2018 at 7:22:24 PM UTC+1, sanket jain wrote:

Hi all,

i have elastic search 6.1.2

Metricbeat 6.1.2 as well

i am trying to send data from metricbeat => elastic coordinator

I am stuck in the certificates loop in metricbeat

output.elasticsearch:

Array of hosts to connect to.

hosts: [“10.16.11.172:9200”]

index: “metricbeat-ocean-qa-%{[beat.version]}-%{+yyyy.MM.dd}”

Optional protocol and basic auth credentials.

protocol: “https”

username: “admin”

password: “admin”

ssl.certificate_authorities: ["/etc/metricbeat/root-ca.pem"]

ssl.certificate: "/etc/metricbeat/esnode.pem"

ssl.key: "/etc/metricbeat/key.pem"

I tool the root-ca.pem from coordinator and placed it in metricbeat server

Similarly esnode.pem, key.pem

Now, after doing this, i get error

2018-03-01T18:21:12Z INFO Loading of config files completed.

2018-03-01T18:21:14Z ERR Failed to connect: Get https://10.16.11.172:9200: x509: certificate is valid for 127.0.0.1, not 10.16.11.172

2018-03-01T18:21:16Z ERR Failed to connect: Get https://10.16.11.172:9200: x509: certificate is valid for 127.0.0.1, not 10.16.11.172

I can clearly see 2 things

a. The certificates are wrong, and i am not sure how to fix this

b. Is there any option to bypass certificates check ?

Thank you for the reply
I was able to bypass SSL, using a config setting

SSL_verification_none

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.12.3.186:9200"]
  ssl.verification_mode: none
  index: "metricbeat-gxi-sj-%{[beat.version]}-%{+yyyy.MM.dd}"

  # Optional protocol and basic auth credentials.
  protocol: "https"
  username: "admin"
  password: "admin"