Hi @jochen…
Below is my Beats input, configured with a valid cert & key in the DEV Graylog environment:
bind_address: 0.0.0.0
override_source: <empty>
port: 5044
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: /etc/companysoft/devcluster/graylog-certificate.pem
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: true
tls_key_file: /etc/companysoft/devcluster/graylogkey.pem
metricbeat.yml:
output.logstash:
  # The Logstash hosts
  hosts: ["dev.companysoft.com:5044"]
  # Optional SSL. By default it is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: [""]
  # Certificate for SSL client authentication
  ssl.certificate: "/etc/metricbeat/graylog-certificate.pem"
  # Client certificate key
  ssl.key: "/etc/metricbeat/graylogkey.pem"
Let me explain more clearly.
We have two environments, DEV & UAT, of the Graylog application with SSL set up, running in parallel, and it was working fine without any issues:
DEV Graylog URL: https://dev.companysoft.com/
UAT Graylog URL: https://uat.companysoft.com/
Consider a client A sending data to the DEV Graylog URL through Metricbeat on port 5044; I have created a Beats input in DEV and it was running.
Similarly, client B sends data to the UAT Graylog URL through Metricbeat on port 5045; the Beats input is configured in UAT and it was running.
The above setup was working fine and able to send data to the respective environments without any issues. I can see the data coming into Graylog successfully.
But now, if I change the DEV Graylog URL to the UAT Graylog URL in client A's Metricbeat, I am able to send data, since the Beats input is running on that port in UAT. I don't want this to happen on a client and need to avoid this scenario, so that's why I am trying to create TLS client-based auth certs. But I am not sure how to build a certificate authority.
Note: I know that if I have different certificates I can avoid this scenario, but the certificate which I bought looks like this:
Owner: CN=*.companysoft.com, O=CompanySoft, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=Entrust Certification Authority - L1K, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
So my objective is simple: client A should only send data to DEV Graylog & client B should only send data to UAT Graylog. I thought that by creating TLS client-based authentication I could easily achieve my goal, but I was not sure how to do that.
I hope my understanding of TLS client-based authentication is correct; please correct me if I am wrong in this approach.
Kindly let me know your thoughts.
Regards,
Ganeshbabu R
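As an added example (not part of the original post or of Graylog's or Beats' own tooling), the shell script below shows one way to build the certificate authority the post asks about: a separate private CA per Graylog environment, built with openssl, with client A's certificate issued by the DEV CA and client B's by the UAT CA. The CA names, client names, scratch paths and validity periods are assumptions for illustration. The last function mimics the decision a Beats input with `tls_client_auth: required` makes when it checks a presented client certificate against the CA in `tls_client_auth_cert_file`: the DEV CA accepts client A and rejects client B, and the UAT CA does the opposite, which is the separation the post wants even though both environments keep the same purchased wildcard server certificate.

```shell
#!/bin/sh
# Added example: one private CA per Graylog environment, built with openssl.
# Names, paths and lifetimes below are assumptions for illustration.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys and certificates

# write_cnf <path> <cn>: minimal openssl config so the run does not depend on
# the distribution's /etc/ssl/openssl.cnf (which may add its own extensions).
# The ca_ext section is only applied when the config is used with "req -x509".
write_cnf() {
  cat > "$1" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
CN = $2
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# make_ca <env> <cn>: self-signed root CA for one environment, e.g. dev-ca.pem
# (the file to hand to the input's tls_client_auth_cert_file) and dev-ca.key
# (keep this one offline; whoever holds it can mint accepted client certs).
make_ca() {
  write_cnf "$WORK/$1.cnf" "$2"
  openssl req -x509 -config "$WORK/$1.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 365 -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" >/dev/null 2>&1
}

# issue_client <env> <client>: client key + CSR, signed by that environment's CA
# with extensions that make it a TLS client certificate only (no CA, clientAuth).
issue_client() {
  write_cnf "$WORK/$2.cnf" "$2"
  openssl req -new -config "$WORK/$2.cnf" -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" >/dev/null 2>&1
  cat > "$WORK/$2.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/$2.ext" \
    -out "$WORK/$2.pem" >/dev/null 2>&1
}

# client_accepted_by <env> <client>: the decision an input with
# tls_client_auth=required makes: chain the presented certificate to that
# environment's CA, checked for the TLS-client purpose. Prints accepted/rejected.
client_accepted_by() {
  if openssl verify -purpose sslclient -CAfile "$WORK/$1-ca.pem" "$WORK/$2.pem" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

make_ca dev "DEV Beats CA"
make_ca uat "UAT Beats CA"
issue_client dev clientA   # client A may only talk to DEV
issue_client uat clientB   # client B may only talk to UAT

# Cross-check: each CA accepts only the client it issued.
for env in dev uat; do
  for client in clientA clientB; do
    printf '%s input <- %s: %s\n' "$env" "$client" "$(client_accepted_by "$env" "$client")"
  done
done
```

To wire this up, each Graylog Beats input gets its own environment's `<env>-ca.pem` as `tls_client_auth_cert_file` with `tls_client_auth` set to `required`, while `tls_cert_file` and `tls_key_file` keep the purchased wildcard certificate. On each client, `ssl.certificate` and `ssl.key` in metricbeat.yml point to that client's own `clientX.pem` / `clientX.key` rather than to the server's certificate and key, and `ssl.certificate_authorities` points at the chain that issued the server certificate so the client still verifies the server. A client pointed at the other environment then fails the TLS handshake instead of being accepted.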