Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad certificates error on running logstash #16435

Open
amolnater-qasource opened this issue Sep 9, 2024 · 4 comments
Open

Bad certificates error on running logstash #16435

amolnater-qasource opened this issue Sep 9, 2024 · 4 comments
Labels
bug

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.15.1
BUILD: 76534
COMMIT: f66ec5b0ddd990d103489c47ca1bcb97dc50bc6b

Preconditions:

  1. 8.15.1 Self-managed environment should be available.

Steps to reproduce:

  1. Create certs using below command:
elasticsearch-certutil ca --pem
elasticsearch-certutil cert --name logstash --ca-cert C:\elk\elasticsearch\ca\ca.crt --ca-key C:\elk\elasticsearch\ca\ca.key --dns <public-dns> --ip <public-ip> --pem
elasticsearch-certutil cert --name client --ca-cert C:\elk\elasticsearch\ca\ca.crt --ca-key C:\elk\elasticsearch\ca\ca.key --dns <public-dns> --ip <public-ip> --pem
  1. Convert logstash key to openssl pkcs8 -inform PEM -in logstash.key -topk8 -nocrypt -outform PEM -out logstash.pkcs8.key
  2. Use elasticsearch/config/http_ca.crt as cacert and moved it to C:\elk\logstash\config\.
  3. Update elastic-agent-pipeline.conf to:
input {
  elastic_agent {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["C:\elk\elasticsearch\ca\ca.crt"]
	ssl_certificate => "C:\elk\elasticsearch\logstash\logstash.crt"
	ssl_key => "C:\elk\elasticsearch\logstash\logstash.pkcs8.key"
    ssl_verify_mode => "force_peer"
  }
}
output {
  elasticsearch {
    hosts => "<elasticsearchhost>"
    api_key => "<api_key>"
    data_stream => true
    ssl => true
    cacert => "C:\elk\logstash\config\http_ca.crt"
  }
}
  1. Update pipelines.yml to:
- pipeline.id: elastic-agent-pipeline
  path.config: "C:\elk\logstash\config\elastic-agent-pipeline.conf"
  1. Run logstash using: logstash -f C:\elk\logstash\config\elastic-agent-pipeline.conf.
  2. Observe certificates error is visible.

Expected Result:
Logstash should run without any certificate errors.

Logs:
Logs.txt

Screenshot:

Image

Feature:
elastic/kibana#75867
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@amolnater-qasource
Copy link
Author

@muskangulati-qasource Please review.

@muskangulati-qasource
Copy link

Secondary review for this ticket is done!

@cmacknz
Copy link
Member

cmacknz commented Sep 9, 2024

Logstash doesn't like something about the certs, transferring to Logstash as their more likely to have ideas about what the possible sources for the bad_certificate exception are here.

@cmacknz cmacknz transferred this issue from elastic/elastic-agent Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cmacknz @elasticmachine @muskangulati-qasource @amolnater-qasource