[ELK Stack] Generate TLS certs for filebeat and logstash
1. Generate a new domain name for the logstash server.

For this tutorial:

domain name = logstash-prod.xyz.com
ip = 1.2.3.4

* Enter the following directory
```
$ sudo mkdir /etc/pki
$ cd /etc/pki
```
* Generate a CA and self-sign it.
```
$ mkdir -p certs/{devices,client,ca,tmp}
$ openssl genrsa -out certs/ca/root-ca.key.pem 2048
$ openssl req -x509 -new -nodes -key certs/ca/root-ca.key.pem -days 9131 -out certs/ca/root-ca.crt.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Signing Authority Inc/CN=logstash-prod.xyz.com"
```
* Generate the logstash certs
```
$ openssl genrsa -out certs/devices/logstash.key.pem 2048
$ openssl req -new -key certs/devices/logstash.key.pem -out certs/tmp/logstash.csr.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Service/CN=logstash-prod.xyz.com"
$ openssl x509 -req -in certs/tmp/logstash.csr.pem -CA certs/ca/root-ca.crt.pem -CAkey certs/ca/root-ca.key.pem -CAcreateserial -out certs/devices/logstash.crt.pem -days 9131
```
* Generate the filebeat certs
```
$ openssl genrsa -out certs/devices/filebeat.key.pem 2048
$ openssl req -new -key certs/devices/filebeat.key.pem -out certs/tmp/filebeat.csr.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Service/CN=logstash-prod.xyz.com"
$ openssl x509 -req -in certs/tmp/filebeat.csr.pem -CA certs/ca/root-ca.crt.pem -CAkey certs/ca/root-ca.key.pem -CAcreateserial -out certs/devices/filebeat.crt.pem -days 9131
```
* Convert the private keys to PKCS8 format
```
$ openssl pkcs8 -topk8 -inform pem -in certs/devices/logstash.key.pem -outform pem -nocrypt -out certs/devices/logstash-pkcs8.pem
$ openssl pkcs8 -topk8 -inform pem -in certs/devices/filebeat.key.pem -outform pem -nocrypt -out certs/devices/filebeat-pkcs8.pem
```
* Give `777` file permission to all these certs
* Restart logstash if you generated the certs after logstash was already running
`$ cd /etc/deploy/docker-compose && sudo docker-compose down`
* Verify it
```
$ curl -v --key certs/devices/filebeat-pkcs8.pem --cert certs/devices/filebeat.crt.pem --cacert certs/ca/root-ca.crt.pem https://logstash-prod.xyz.com:5044
```
This is my logstash.conf
Filebeat conf
Hello Rishi,

I am also working on generating certs for logstash and filebeat communication. I followed your steps but I am facing one issue:

```
error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
```

I have deployed logstash in a docker swarm container and am running filebeat on multiple ec2 instances. Could you please help? I have tried so many different ways.

I have configured logstash and filebeat as:

logstash.conf:
```
input {
  beats {
    client_inactivity_timeout => 3000
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstash.crt.pem"
    ssl_key => "/etc/logstash/logstash-pkcs8.pem"
    ssl_certificate_authorities => ["/etc/logstash/root-ca.crt.pem"]
    ssl_verify_mode => "peer"
  }
}
```

filebeat.yml:
```
output.logstash:
  hosts: ["54.221.XX.XX:5044"]
  ssl.certificate_authorities: ["/root/root-ca.crt.pem"]
  ssl.certificate: "/root/filebeat.crt.pem"
  ssl.key: "/root/filebeat-pkcs8.pem"
```