Beat input with tls for future addition server

I created a shadowCA and made a certificate that includes the Graylog address and the Filebeat servers' addresses.
When I have to add a new server that will send Filebeat logs, would I need to reissue a new certificate with the IP of the new server and reinstall it on each server?

Hello @bdssultan

The certificates mentioned seem like they would be for the node/s connection.
If you're working with self-signed certificates, to make sure I understand this correctly: you have servers with just Filebeat installed and shipping logs to Graylog? Is this correct? The certificates created have all the IP addresses for the clients and the Graylog server. If this is how the environment is set up and working, then you will need to add the IP address for the NEW node in the certificates.

If the environment certificates were/are set up for these three …

  • ssl.certificate_authorities: ["/etc/ca.pem"]
  • ssl.certificate: "/etc/client.crt"
  • ssl.key: "/etc/client.key"

In a situation like this, I personally like creating my certificate file.

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

# Details about the issuer of the certificate
[req_distinguished_name]
C = US
ST = Some-State
L = Some-City
O = My Company
OU = My Division
CN =

[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# IP addresses and DNS names the certificate should include
# Use IP.### for IP addresses and DNS.### for DNS names,
# with "###" being a consecutive number.
[alt_names]
IP.1 =
DNS.1 =

So basically run

 openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config ssl_config_file.cnf -keyout pkcs5-plain.pem -out cert.pem
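To see which hosts an issued certificate actually covers before deciding whether a new Filebeat server needs a reissue, the SAN entries can be checked with openssl. This is an added example, not part of the original posts; the addresses, the name graylog.example.test, the file names and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, IP and path below is constructed for illustration.

# Generate a throwaway self-signed certificate whose SAN lists two IPs and one DNS name.
make_demo_cert() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = graylog.example.test

[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.0.2.10
IP.2 = 192.0.2.11
DNS.1 = graylog.example.test
EOF
    openssl req -x509 -days 1 -nodes -newkey rsa:2048 \
        -config "$dir/demo.cnf" -keyout "$dir/demo.key" -out "$dir/demo.crt" 2>/dev/null
}

# Return 0 if the certificate is valid for the given IP address or DNS name.
san_covers() {
    cert=$1 target=$2
    case $target in
        *:*)       flag=-checkip ;;     # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;   # contains letters or dashes: DNS name
        *)         flag=-checkip ;;     # dotted IPv4
    esac
    openssl x509 -in "$cert" -noout "$flag" "$target" | grep -q 'does match certificate'
}

# Print the SAN line so it can be compared with the host inventory.
list_sans() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Usage: sh san_check.sh cert.pem 192.0.2.10
if [ "$#" -eq 2 ]; then
    san_covers "$1" "$2" && echo "$2 covered" || echo "$2 NOT covered"
fi
```

An address that is not in `[alt_names]` fails the check until the certificate is reissued with it added.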

Yes, I have set it up as you described, but I don't see the advantages of your certificate. Beat input with TLS won't accept this, or I will have to install it everywhere, and I want to escape this work 🙂

Hey @bdssultan

If we're talking about configuring Beats input?

Then from this documentation here

I generated those two certs.

The resulting PKCS#8 private key (graylog-key.pem) and the X.509 certificate (graylog-certificate.pem)


Then I add my CA (i.e., cert.pem) to the Keystore and place the certificates so Graylog can access them (i.e., Graylog's home directory, etc…).
My input should look something like this:

And you would need to place those on the remote device, ensure they are secure.
