Winlogbeat TLS, with no mutual auth certificates

Hello all!

Newbie here.
I digged up the internet with no avail, so here I am opening a new Topic with a 5 miute old forum user.

I would like to have TLS communcation between by winlogbeat, and the Graylog server, but All I could find, is how to set up ,MUTUAL authentication certificate-to-certificate based communication.

Here is the problem:
I did not find any info how to set up so the config doesn’t use mutual certificate authentication.
The graylog server HAS a valid certificate, and it works Like a charm.
The graylog server’s Beats input HAS a vaild certificate.
The SideCar does NOT have a client certificate, and I would like to keep it that way.

Who is this done, what do I need to add to the winlogbeat collector config?

what about the documentation?

http://docs.graylog.org/en/3.1/pages/secure/sec_graylog_beats.html#add-client-authentication-to-beats-input

that might guide you

Hi!

Almost, but still no luck.
I see that this article describes how to set up mutual authentication,
But I don’t want to deal with client certificates.

Like the way normal websites work. The server has indeed a SSL cert, and I want to verify the graylog Beats’ input certificate. But I don’t want to offer any certificates as a collector.

I found this:
output.logstash:
hosts: [“graylogserver:5044”]
ssl.certificate_authorities: ["/etc/ca.pem"]
ssl.certificate: “/etc/client.crt”
ssl.key: “/etc/client.key”

But insted I’mlooking for something like this:
output.logstash:
hosts: [“graylog.example.org:5044”]
ssl.enabled: true

Or if nothing else:
output.logstash:
hosts: [“graylog.example.org:5044”]
ssl.certificate: /serialnumber of my cert in the local computer cert store/

The thing I want to avoid is the creation and maintenance of client computer certificates.

Turn out ALL i needed was:

output.logstash:
hosts: [“graylog.local.server:5045”]
ssl.enabled: true