EDIT: Your GL Sidecar is just a wrapper for ALL your collectors. GL Sidecar uses a token to connect to the Graylog server and receives orders on how to configure your collectors and which ones to enable. All your data/logs should be encrypted on your collector (filebeat, winlogbeat, etc.). That, as you know, is done on the Web UI.
without specifying the certificate, and it seems to be working.
If I specify the certificate, is the path to it the one on the Graylog server, or do I need to copy all the certificates to every client where I want to use Sidecar?
I had to copy my certs to the other clients. I used another application to copy over the certs, which made it easy for me to do over 100+ clients, especially when the certificates expire. Ansible works great if you're familiar with it. For our Windows OS I just copied the certs to the desktop from Graylog using FileZilla, then I did a Ctrl+C and Ctrl+V; that worked pretty quickly, but I still had to log into each VM.
I don’t think it’s a great solution to copy the certificate to all the clients where Sidecar is installed. And also you’re going to have a private key on hundreds of computers, and that is a big security issue!
When sending a message between two parties, you have two problems that you need to address.
Encrypt it – This makes the content unreadable, so that to anyone viewing the message it is just gibberish.
Sign it – This allows the recipient to be confident that it was you who sent the message, and that the message hasn’t been changed.
Both processes require the use of keys. Almost all encryption methods in use today employ public and private keys.
The problem with this type of key arrangement is that if you lose the key, anyone who finds it can unlock it and will have complete access.
So wherever you store your keys, it must be in a secure place. This would depend on how you set up your environment for security (GPOs, authentication, firewall, SELinux/AppArmor, etc.).
I’ve been looking into a way in which this can be done without transferring these certs to a remote destination, but I have other things I need to do first.
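The thread above raises two things: distributing certs to 100+ collector hosts (the Ansible/FileZilla post) and the objection that doing so puts a private key on every machine. The standard way to get both a per-host certificate and no key transfer is to generate the key pair on each host, ship only a certificate signing request (CSR) to a small private CA, and ship only the signed certificate back. The script below is an added example written for this page; it is not code from the thread, from Graylog, or from the Sidecar project. It simulates the CA host and the client hosts as directories on one machine, and the directory names, common names, validity periods and `openssl` invocations are all assumptions for illustration; a real deployment would run steps 2 and 3 on different hosts.

```shell
#!/bin/sh
# Added example (not from the thread): per-client TLS key pairs signed by a
# small private CA, so the private key never leaves the host that uses it.
# Only the CSR goes to the CA host and only the signed cert comes back.
# Directory layout, names and validity periods are assumptions for illustration.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CA_DIR="$WORK/ca"            # stands in for the CA host (e.g. the Graylog server)
CLIENT_DIR="$WORK/clients"   # each subdirectory stands in for one Sidecar host
mkdir -p "$CA_DIR" "$CLIENT_DIR"

# Step 1 (CA host, once): CA key and self-signed CA certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.crt" \
    -subj "/CN=log-collector-ca" >/dev/null 2>&1
}

# Step 2 (on the client): the client generates its own private key and a CSR.
# The key stays in the client's directory; only the .csr is handed over.
make_client_csr() {
  name="$1"
  mkdir -p "$CLIENT_DIR/$name"
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$CLIENT_DIR/$name/$name.key" -out "$CLIENT_DIR/$name/$name.csr" \
    -subj "/CN=$name" >/dev/null 2>&1
}

# Step 3 (CA host): the CSR is copied over, signed, and the certificate is
# handed back to the client. The client's private key is never read here.
sign_csr() {
  name="$1"
  cp "$CLIENT_DIR/$name/$name.csr" "$CA_DIR/$name.csr"
  openssl x509 -req -in "$CA_DIR/$name.csr" \
    -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -CAcreateserial \
    -days 90 -out "$CLIENT_DIR/$name/$name.crt" >/dev/null 2>&1
}

# Check 1: the client certificate chains to our CA and its public key matches
# the private key that was generated on the client.
verify_client() {
  name="$1"
  openssl verify -CAfile "$CA_DIR/ca.crt" "$CLIENT_DIR/$name/$name.crt" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$CLIENT_DIR/$name/$name.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$CLIENT_DIR/$name/$name.key" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Check 2: no client private key ever ended up on the CA host.
ca_holds_no_client_key() {
  n=$(find "$CA_DIR" -name '*.key' ! -name ca.key | wc -l)
  [ "$n" -eq 0 ]
}

# Stand-alone run: one CA, two collector hosts (names are made up).
demo() {
  make_ca
  for host in filebeat-host-01 winlogbeat-host-02; do
    make_client_csr "$host"
    sign_csr "$host"
    verify_client "$host" && echo "$host: certificate OK, key stayed on client"
  done
  ca_holds_no_client_key && echo "CA directory holds only ca.key"
}

demo
```

Because each host keeps its own key, a compromised collector host exposes only that host's key, and renewal is a matter of re-running steps 2 and 3 rather than re-copying one shared key to every machine. The CSR/certificate round trip is the part an Ansible playbook (or any other transfer tool) would automate; the key generation itself stays local.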