Newbie here.
I dug through the internet to no avail, so here I am opening a new topic as a 5-minute-old forum user.
I would like to have TLS communication between my winlogbeat and the Graylog server, but all I could find is how to set up MUTUAL authentication, certificate-to-certificate based communication.
Here is the problem:
I did not find any info on how to set this up so the config doesn’t use mutual certificate authentication.
The Graylog server HAS a valid certificate, and it works like a charm.
The Graylog server’s Beats input HAS a valid certificate.
The SideCar does NOT have a client certificate, and I would like to keep it that way.
How is this done, and what do I need to add to the winlogbeat collector config?
Almost, but still no luck.
I see that this article describes how to set up mutual authentication,
but I don’t want to deal with client certificates.
Like the way normal websites work. The server does indeed have an SSL cert, and I want to verify the Graylog Beats input’s certificate. But I don’t want to offer any certificates as a collector.
I found this:
output.logstash:
  hosts: ["graylogserver:5044"]
  ssl.certificate_authorities: ["/etc/ca.pem"]
  ssl.certificate: "/etc/client.crt"
  ssl.key: "/etc/client.key"
But instead I’m looking for something like this:
output.logstash:
  hosts: ["graylog.example.org:5044"]
  ssl.enabled: true
Or if nothing else:
output.logstash:
  hosts: ["graylog.example.org:5044"]
  ssl.certificate: /serialnumber of my cert in the local computer cert store/
The thing I want to avoid is the creation and maintenance of client computer certificates.
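
Server-only TLS of the kind asked about above, as an added example that is not part of the original post: the mutual-TLS snippet is shown commented out next to a variant that verifies the Beats input's certificate without offering a client certificate. It assumes the Graylog Beats input is not set to require client certificates; the hostname is the one used in the post and the CA file path is a constructed placeholder.

```yaml
# Added example (not from the original post). The CA path is a placeholder.

# Mutual TLS, as in the snippet quoted above: the collector presents its own
# certificate and key to the server.
# output.logstash:
#   hosts: ["graylog.example.org:5044"]
#   ssl.certificate_authorities: ["/etc/ca.pem"]
#   ssl.certificate: "/etc/client.crt"
#   ssl.key: "/etc/client.key"

# Server-only TLS: ssl.certificate and ssl.key are left out, so the collector
# offers no client certificate but still validates the server.
output.logstash:
  hosts: ["graylog.example.org:5044"]
  ssl.enabled: true
  # Needed only when the CA that signed the input's certificate is not already
  # trusted by the host; if omitted, the host system's trusted CAs are used.
  ssl.certificate_authorities: ['C:\ProgramData\graylog-ca.pem']
  # "full" is the default: the chain must lead to a trusted CA and the
  # certificate must match the name in hosts. "none" would disable verification
  # and leave the server unauthenticated.
  ssl.verification_mode: full
```

Without client certificates the input cannot distinguish collectors by certificate, so access to port 5044 has to be limited by network controls instead.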