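I am trying to connect Logstash to elasticsearch-7.1.0 with TLS/SSL enabled under the basic license. But whenever Logstash connects, Elasticsearch says "http client did not trust this server's certificate" and raises a "closing connection Netty4HttpChannel" warning.
I have generated certificates using certutil and certgen, but I think neither of these certificates has a trusted authority. How do I generate a certificate with a trusted authority? Or is it possible to use TLS/SSL with Logstash in the basic-license version of elasticsearch-7.1.0?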
My elasticsearch.yml
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: path/to/the/key/ca.key
xpack.security.transport.ssl.certificate: path/to/the/cert/ca.crt
xpack.security.transport.ssl.certificate_authorities: [ "path/to/the/cert/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificate
xpack.security.http.ssl.truststore.path: certs/elastic-certificate
xpack.security.http.ssl.verification_mode: certificate
My logstash.yml
xpack.monitoring.enabled: false
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: changeit
xpack.monitoring.elasticsearch.hosts: ["https://localhost:9200"]
xpack.monitoring.elasticsearch.ssl.truststore.path: certs/elastic-certificate
xpack.monitoring.elasticsearch.ssl.truststore.password: password
xpack.monitoring.elasticsearch.ssl.keystore.path: certs/elastic-certificate
xpack.monitoring.elasticsearch.ssl.keystore.password: password
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
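The warning I get is: "http client did not trust this server's certificate, closing connection Netty4HttpChannel"
Answer 0: (score: 0)
Try adding ssl_certificate_verification => false, or the path to the CA certificate, cacert => '/etc/elasticsearch/ca/key.pem', to the logstash configuration: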
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    ssl => true
    ssl_certificate_verification => false
    #or
    cacert => '/etc/elasticsearch/ca/key.pem'
  }
}
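An added example (not part of the original question or answer): the warning means the client could not build a chain from the server's certificate to a CA it trusts, so the functions below issue a throwaway CA and node certificate with openssl and test which certificate chains to which CA file. All file names and subject names are constructed for illustration.

```shell
#!/bin/sh
# Added example; every path and subject name below is constructed, not from the page.
# Usage: chain_trusted /path/to/ca.crt /path/to/node.crt

# Return 0 only if certificate $2 chains to the CA file $1.
# Matching on "OK" keeps the result correct on openssl builds whose
# "verify" exit status is unreliable.
chain_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Create a private CA and a node certificate signed by that CA in directory $1.
# The CA key signs the node's CSR; the node presents node.crt/node.key,
# and clients are given only ca.crt as their trust anchor.
make_ca_and_node() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/node.key" -out "$dir/node.csr" 2>/dev/null
    openssl x509 -req -in "$dir/node.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/node.crt" 2>/dev/null
}

# Create an unrelated self-signed certificate in directory $1, standing in
# for a certificate whose issuer the client has never been told about.
make_unrelated() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other" \
        -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
}
```

Running `chain_trusted` with the CA file handed to Logstash and the certificate Elasticsearch serves shows whether certificate verification can succeed without being switched off.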