1. Generate a new domain name for the logstash server.

For this tutorial:

domain name = logstash-prod.xyz.com
ip = 1.2.3.4

* Enter the following directory
```
$ sudo mkdir /etc/pki
$ cd /etc/pki
```
* Generate the CA and self-sign it.
```
$ mkdir -p certs/{devices,client,ca,tmp}
$ openssl genrsa -out certs/ca/root-ca.key.pem 2048
$ openssl req -x509 -new -nodes -key certs/ca/root-ca.key.pem -days 9131 -out certs/ca/root-ca.crt.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Signing Authority Inc/CN=logstash-prod.xyz.com"
```
* Generate logstash certs
```
$ openssl genrsa -out certs/devices/logstash.key.pem 2048
$ openssl req -new -key certs/devices/logstash.key.pem -out certs/tmp/logstash.csr.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Service/CN=logstash-prod.xyz.com"
$ openssl x509 -req -in certs/tmp/logstash.csr.pem -CA certs/ca/root-ca.crt.pem -CAkey certs/ca/root-ca.key.pem -CAcreateserial -out certs/devices/logstash.crt.pem -days 9131
```
* Generate filebeat certs
```
$ openssl genrsa -out certs/devices/filebeat.key.pem 2048
$ openssl req -new -key certs/devices/filebeat.key.pem -out certs/tmp/filebeat.csr.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Service/CN=logstash-prod.xyz.com"
$ openssl x509 -req -in certs/tmp/filebeat.csr.pem -CA certs/ca/root-ca.crt.pem -CAkey certs/ca/root-ca.key.pem -CAcreateserial -out certs/devices/filebeat.crt.pem -days 9131
```
* Convert the private keys to PKCS8 format
```
$ openssl pkcs8 -topk8 -inform pem -in certs/devices/logstash.key.pem -outform pem -nocrypt -out certs/devices/logstash-pkcs8.pem
$ openssl pkcs8 -topk8 -inform pem -in certs/devices/filebeat.key.pem -outform pem -nocrypt -out certs/devices/filebeat-pkcs8.pem
```
* Give `777` file permission to all these certs (note that this mode makes the unencrypted private keys readable and writable by every local user)
* Restart logstash if you did this after logstash was already started
`$ cd /etc/deploy/docker-compose && sudo docker-compose down`
* Verify it
```
$ curl -v --key certs/devices/filebeat-pkcs8.pem --cert certs/devices/filebeat.crt.pem --cacert certs/ca/root-ca.crt.pem https://logstash-prod.xyz.com:5044
```
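
A way to check the generated files before pointing Filebeat at them, as an added example that is not part of the original gist: it confirms that a certificate chains to the root CA, that a key (traditional or PKCS8) belongs to its certificate, and that the CN is the bare host name with no port. The function names and the throwaway demo CA are assumptions of this example.

```bash
# Added example: checks for the PEM files produced by the steps above.
# Function names and the throwaway demo CA are assumptions of this example.

# True if the certificate verifies against the CA certificate.
chains_to_ca() {  # $1 = CA cert, $2 = leaf cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = key (traditional or PKCS8 PEM), $2 = cert
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$kmc_key" = "$kmc_crt" ]
}

# Print the subject CN of a certificate.
cert_cn() {  # $1 = cert
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# True if the CN is a bare name (no ":port", no "/") equal to the host.
cn_matches_host() {  # $1 = cert, $2 = host name the client connects to
  cmh_cn=$(cert_cn "$1")
  case "$cmh_cn" in ""|*:*|*/*) return 1 ;; esac
  [ "$cmh_cn" = "$2" ]
}

# Constructed sample input: throwaway CA in directory $1.
make_demo_ca() {
  openssl genrsa -out "$1/ca.key.pem" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$1/ca.key.pem" -days 2 \
    -out "$1/ca.crt.pem" -subj "/O=Demo CA/CN=demo-ca" 2>/dev/null
}
# Constructed sample input: leaf key, cert and PKCS8 key; $2 = CN, $3 = file stem.
make_demo_leaf() {
  openssl genrsa -out "$1/$3.key.pem" 2048 2>/dev/null
  openssl req -new -key "$1/$3.key.pem" -out "$1/$3.csr.pem" \
    -subj "/O=Demo/CN=$2" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr.pem" -CA "$1/ca.crt.pem" \
    -CAkey "$1/ca.key.pem" -CAcreateserial -out "$1/$3.crt.pem" -days 2 2>/dev/null
  openssl pkcs8 -topk8 -inform pem -in "$1/$3.key.pem" -outform pem \
    -nocrypt -out "$1/$3-pkcs8.pem"
}
# With four arguments (CA cert, cert, key, host), check real files.
if [ "$#" -eq 4 ]; then
  chains_to_ca "$1" "$2" && key_matches_cert "$3" "$2" &&
    cn_matches_host "$2" "$4" && echo "certificate set OK" || echo "check failed"
fi
```

Saved as a script, it can be run against the files from the steps above with the CA certificate, the certificate, its key and the host name as the four arguments.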
I have followed the steps for generating the Certs.
My logstash version is 7.10.2
filebeat version is 7.10.2

filebeat.yml
```
output.logstash:
  hosts: ["deepfence-logstash:8005"]
  proxy_url: socks5://${DEEPFENCE_KEY}:@${DF_BACKEND_IP}:8005
  proxy_use_local_resolver: false
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/filebeat/root-ca.crt.pem"]
  ssl.certificate: "/etc/filebeat/filebeat.crt.pem"
  ssl.key: "/etc/filebeat/filebeat-pkcs8.pem"
```
```
input {
  beats {
    port => "${TCP_PORT}"
    codec => json
    ssl => true # enable TLS/SSL
    ssl_certificate_authorities => ["/etc/logstash/root-ca.crt.pem"]
    ssl_certificate => "/etc/logstash/logstash.crt.pem"
    ssl_key => "/etc/logstash/logstash-pkcs8.pem"
    ssl_verify_mode => "force_peer"
    client_inactivity_timeout => 600
  }
}
```
and I am getting this error -
```
[DEBUG] 2021-04-20 16:16:44.748 [defaultEventExecutorGroup-4-2] BeatsHandler - [local: 0.0.0.0:8005, remote: 192.168.128.15:58986] Handling exception: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Empty server certificate chain (caused by: javax.net.ssl.SSLHandshakeException: Empty server certificate chain)
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Empty server certificate chain
```
My problem has been solved. I created the wrong certs by adding the port in the domain name.
When I removed the port name from the domain name, it all worked as of now.
Filebeat conf