Can I setup logstash with windows generated certs instead of openssl?

Question

They use openssl to generate certs to use with logstash ie this command:

sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

Now the logstash-forwarder.crt will be installed on servers that will send logs to logstash.

My question is, if I have a Windows Certificate services infrastructure setup can I generate a cert for the logstash server via a Windows CA instead? Would there be any gotchas with this or compatibility problems?

I'm assuming I just submit a new cert request to the windows CA from the logstash/ELK server and generate a cert that would work the same way. Is this possible?

score 1 · Accepted Answer · answered Jun 07 '16 at 21:16

There's nothing different about the x509 certificates generated by a Windows based CA than an OpenSSL based CA. The only thing to be wary of is what format the downloaded cert file is encoded with. With a Windows CA, you'll have the option of DER encoding or PEM (base64) encoding. You generally want the PEM version unless the app specifically asks for DER.

Can I setup logstash with windows generated certs instead of openssl?

1 Answers1