2

I have set up an elsatic stack in my laptop and I have configured full stack (filebeat, logstash, elasticsearch and kibana) in it. But now I need to connect filebeat and logstash in a secure manner using SSL. But after using the self signed certificates taht I have created on my own it throws the following error when I try to verify the certificate with following curl request 

**curl -v --cacert ca.crt https://localhost:5044**

The error --> 

* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake        failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

It gives the above sslv3 handshake failure.

I have followed the following guideline to create the self signed certificate that can be configured with logstash https://benjaminknofe.com/blog/2018/07/08/logstash-authentication-with-ssl-certificates/ I have followed those steps that suitable to my implementation.

Here is the full handshake output that i have received from the curl request

* Rebuilt URL to: https://localhost:5044/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 5044 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: ca.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake        failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Here is my logstash.config file tha used in openssl key creation. I have given common name as localhost because that's how I mapped in /etc/hosts 127.0.0.1 localhostt

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName                     = XX
stateOrProvinceName             = XXXXXX
localityName                    = XXXXXX
postalCode                      = XXXXXX
organizationName                = XXXXXX
organizationalUnitName          = XXXXXX
commonName                      = localhost
emailAddress                    = XXXXXX

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost

logstash input plugin

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/home/ssl/ca.crt"]
    ssl_certificate => "/home/ssl/logstash.crt"
    ssl_key => "/home/ssl/logstash.key"
    #ssl_verify_mode => "force_peer"
    client_inactivity_timeout => 1000
 }
}

I expected to have configured ssl certificates that are accepted by logstash. But they are not accepted when I try to verify them with the curl reuqests

CK LZEM7
  • 31
  • 6

0 Answers0