我正在尝试使用 keytool 命令而不是 openssl 和 .crt 和 .key 文件来为logstash创建文件。它不起作用。
我使用以下命令为logstash创建了.crt和.key
openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout logstash.key -out logstash.crt
并在.conf文件中进行如下配置
input {
tcp {
host=>"0.0.0.0"
port=>5514
type=>"syslogType"
ssl_enable=>true
ssl_cert=>"logstash.crt"
ssl_key=>"logstash.key"
ssl_verify=>false
}
}
Logstash成功启动,没有错误。 但不能使用keytool命令。下面是我尝试的顺序。
ca-cert和ca-key是使用以下命令创建的。
openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
使用keytool命令 .crt 和 .key 的步骤
keytool -keystore keystore -alias rkbox -validity 365 -genkey -storepass test1234
keytool -exportcert -keystore keystore -alias rkbox -file keytool.logstash.key
keytool -keystore keystore -alias rkbox -certreq -file rkbox.cert -storepass test1234
openssl x509 -req -CA ca-cert -CAkey ca-key -in rkbox.cert -out keytool.logstash.crt -days 365 -CAcreateserial -passin pass:test1234
keytool -keystore keystore -alias CARoot -import -file ca-cert -storepass test1234
keytool -keystore keystore -alias rkbox -import -file keytool.logstash.crt -storepass test1234
keytool -keystore cacerts -alias CARoot -import -file ca-cert -storepass test1234
现在,我使用以下详细信息更新了相同的conf文件,其显示错误。
input {
tcp {
host=>"0.0.0.0"
port=>5514
type=>"syslogType"
ssl_enable=>true
ssl_cert=>"keytool.logstash.crt"
ssl_key=>"keytool.logstash.key"
ssl_verify=>false
}
}
[2019-07-04T13:23:40,814][INFO ][logstash.inputs.tcp ] Starting tcp input listener {:address=>"0.0.0.0:5514", :ssl_enable=>"true"}
[2019-07-04T13:23:40,832][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::Tcp ssl_key=>\"/opt/graxco/keystore/clientkeystore/20190704/keytool.logstash.key\", port=>5514, ssl_verify=>false, host=>\"0.0.0.0\", ssl_enable=>true, id=>\"7e1ac7da5e1df98c7be2ebe993ffecd4dd9a74de420d9c634ff6c9bdaf858be9\", type=>\"syslogType\", ssl_cert=>\"/opt/graxco/keystore/clientkeystore/20190704/keytool.logstash.crt\", enable_metric=>true, codec=><LogStash::Codecs::Line id=>\"line_1a98b0e6-3f54-423f-af7d-d203931fd80b\", enable_metric=>true, charset=>\"UTF-8\", delimiter=>\"\\n\">, mode=>\"server\", proxy_protocol=>false, ssl_key_passphrase=><password>, tcp_keep_alive=>false, dns_reverse_lookup_enabled=>true>", :error=>"java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 49)", :thread=>"#<Thread:0x5b39bcfe run>"}
[2019-07-04T13:23:42,346][INFO ][org.apache.kafka.clients.producer.KafkaProducer] [Producer clientId=producer-1] Closing the Kafka producer with timeoutMillis = 9223372036854775807 ms.
[2019-07-04T13:23:42,354][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>java.security.cert.CertificateParsingException: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 49), :backtrace=>["sun.security.x509.X509CertInfo.<init>(sun/security/x509/X509CertInfo.java:169)", "sun.security.x509.X509CertImpl.parse(sun/security/x509/X509CertImpl.java:1804)", "sun.security.x509.X509CertImpl.<init>(sun/security/x509/X509CertImpl.java:195)", "sun.security.provider.X509Factory.engineGenerateCertificate(sun/security/provider/X509Factory.java:102)", "java.security.cert.CertificateFactory.generateCertificate(java/security/cert/CertificateFactory.java:339)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:423)", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:290)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.compat_ssl_options.toSslContext(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp/compat_ssl_options.rb:73)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.compat_ssl_options.RUBY$method$toSslContext$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_3_dot_0/gems/logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java/lib/logstash/inputs/tcp//usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp/compat_ssl_options.rb)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.get_ssl_context(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp.rb:366)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.RUBY$method$get_ssl_context$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_3_dot_0/gems/logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java/lib/logstash/inputs//usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp.rb)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.register(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp.rb:150)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java.lib.logstash.inputs.tcp.RUBY$method$register$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_3_dot_0/gems/logstash_minus_input_minus_tcp_minus_5_dot_2_dot_0_minus_java/lib/logstash/inputs//usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.2.0-java/lib/logstash/inputs/tcp.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.register_plugin(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:242)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.block in register_plugins(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:253)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1734)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.register_plugins(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:253)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.RUBY$method$register_plugins$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.start_inputs(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:396)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.RUBY$method$start_inputs$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.start_workers(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:294)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.RUBY$method$start_workers$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.run(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:200)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.RUBY$method$run$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline.block in start(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:160)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:289)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:246)", "java.lang.Thread.run(java/lang/Thread.java:748)"], :thread=>"#<Thread:0x5b39bcfe run>"}
[2019-07-04T13:23:42,365][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
如何使用keytool命令为logstash创建openssl类型的.crt和密钥文件。