Filebeat and Opendistro failed

Hello,

I’m trying Open Distro for a mission.
The server is obviously working fine.
But when I try to connect the ELB Filebeat agent I encounter an error message on the client as follows:

[root@client-test ~]# filebeat setup
Exiting: Couldn’t connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://x.x.x.x:9200: Get https://x.x.x.x:9200: x509: certificate is valid for 127.0.0.1, not x.x.x.x]

Reading the error message, I suspect that the problem is a certificate, but I do not know which one and how to fix it.

Can you help me?

Cordially

Hi,
have a look at your certificate. I had some problems getting it to work and finally solved it.

The certificate is referenced from /etc/filebeat/filebeat.yml under key

output_elasticsearch:
    ssl.certificate: "/etc/filebeat/node.crt"

You can display the input via

 openssl x509 -in /etc/filebeat/node.crt -text

This should look like

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        fc:45:ed:59:96:a1:16:a3
Signature Algorithm: sha256WithRSAEncryption
    Issuer: C = DE, O = DSV, OU = PAS, CN = checkmk.pas.dsv-gruppe.de, emailAddress = pexlog@dsv-gruppe.de
    Validity
        Not Before: Feb 19 16:15:57 2020 GMT
        Not After : Dec 28 16:15:57 2029 GMT
    Subject: CN =XXXX, OU = XXX, O = XXX, L = XXX, C = DE
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
            Modulus:
                00:d5:31:cc:c9:f9:12:d3:54:ff:83:52:c7:ab:ce:
                ...
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Key Usage:
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Extended Key Usage: critical
            TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Subject Key Identifier:
            7C:29:2E:33:6E:A2:85:10:EB:64:9E:72:ED:14:38:A3:1B:C3:75:DA
        X509v3 Authority Key Identifier:
            keyid:9E:05:39:F5:D5:D7:C9:80:61:FB:CC:02:35:63:FC:BC:04:27:86:19

        X509v3 Basic Constraints: critical
            CA:FALSE, pathlen:0
        X509v3 Subject Alternative Name:
           DNS:localhost, <Servername>, DNS:<Servername2>, IP Address:127.0.0.1, IP Address:<IP>, Registered ID:1.2.3.4.5.5
Signature Algorithm: sha256WithRSAEncryption
     1e:a0:8a:f0:42:db:c2:c5:f9:cb:5f:d8:37:0d:88:c2:6d:d1:
     ....
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The Subject Alternative Names are important: they need to contain the address which you are using to call the Elastic server (DNS name, IP address, etc.) and also the Registered ID 1.2.3.4.5.5. Without that, Elastic did not accept my certificate for access.

Regards Michael

Hello,

I’m completely stuck at this point… having the same problem, or a very similar one.

ERROR	fileset/factory.go:134	Error loading pipeline: Error creating Elasticsearch client: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://10.0.1.1:9200: Get "https://10.0.1.1:9200": x509: certificate is valid for 127.0.0.1, not 10.0.1.1]

I have Elasticsearch listening at 10.0.1.1 and a remote Filebeat. I also have the same problem for a local Filebeat when trying to reach Elasticsearch at 10.0.1.1.
I generated a node.crt and I have the .pem certificates, and I tried generating a .crt and placing it in the folder, to configure the same

output_elasticsearch:
    ssl.certificate: "/etc/filebeat/node.crt"

But I’m missing something…

error loading config file: yaml: line 149: did not find expected key

The node.crt that I generated:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            72:3c:de:1f:e4:3f:1d:3f:69:5a:a8:00:8b:90:ab:86:03:9c:c7:84
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = countrycode, ST = State, L = City, O = Company, CN = Name, emailAddress = mail
        Validity
            Not Before: Jul 13 23:56:10 2020 GMT
            Not After : Aug 12 23:56:10 2020 GMT
        Subject: C = countrycode, ST = State, L = City, O = companyname, CN = Name, emailAddress = mail
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5a:26:d2:05:79:92:cf:6e:7e:2f:ca:de:2d:
                      ...       
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
        ...
-----BEGIN CERTIFICATE-----

The command for generating it:

openssl x509 -req -in companyadmin.csr -signkey root-company-ca-key.pem -out node.crt

I will really appreciate some support on this.
Kind regards

@xuann it would appear that the “X509v3 Subject Alternative Name” is missing from your certificate; have a look at the previous comment for a good example.
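An added example, not part of any post in this thread: `openssl x509 -req` does not copy extensions from a CSR on its own, so the sketch below signs the same CSR once without and once with `-extfile`, then checks whether each certificate is valid for the address the client dials. The CA, the name `es-node.example.test` and the file names are constructed for the demo; 10.0.1.1 and the Registered ID are the values quoted in the posts above.

```shell
#!/bin/sh
# Constructed demo: the CA, names and files are throwaway test values.
NODE_IP="10.0.1.1"   # address the client dials, from the error in the thread

make_certs() {  # $1 = working directory
    dir="$1"
    cat > "$dir/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = es-node.example.test
[v3_ca]
basicConstraints = critical, CA:TRUE
[v3_node]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt
[alt]
DNS.1 = localhost
IP.1 = 127.0.0.1
IP.2 = $NODE_IP
RID.1 = 1.2.3.4.5.5
EOF
    # Throwaway CA, then the node key and CSR.
    openssl req -x509 -config "$dir/demo.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Test CA" -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/node.key" -out "$dir/node.csr" 2>/dev/null || return 1
    # Signed without -extfile: no Subject Alternative Name ends up in the certificate.
    openssl x509 -req -in "$dir/node.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/node-nosan.crt" 2>/dev/null || return 1
    # Signed with -extfile/-extensions: the SAN entries are written into the certificate.
    openssl x509 -req -in "$dir/node.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/demo.cnf" -extensions v3_node \
        -out "$dir/node.crt" 2>/dev/null || return 1
}

# Succeeds only if the certificate's SAN covers the given IP address.
cert_covers_ip() {  # $1 = certificate file, $2 = IP address
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

work=$(mktemp -d) && make_certs "$work" || exit 1
for c in node-nosan.crt node.crt; do
    if cert_covers_ip "$work/$c" "$NODE_IP"; then echo "$c: valid for $NODE_IP"
    else echo "$c: NOT valid for $NODE_IP"; fi
done
```

Running `openssl x509 -in node.crt -noout -text` on the second certificate shows the `X509v3 Subject Alternative Name` block that the first one lacks.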

@rbell

Have you got this issue resolved?