我在笔记本电脑中设置了一个 elsatic 堆栈,并在其中配置了完整堆栈(filebeat、logstash、elasticsearch 和 kibana)。但现在我需要使用 SSL 以安全的方式连接 filebeat 和 logstash。但是在使用我自己创建的自签名证书之后,当我尝试使用以下 curl 请求验证证书时,它会引发以下错误
**curl -v --cacert ca.crt https://localhost:5044**
错误-->
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
它给出了上述 sslv3 握手失败。
我已按照以下指南创建可以使用 logstash https://benjaminknofe.com/blog/2018/07/08/logstash-authentication-with-ssl-certificates/配置的自签名证书 我已经按照那些步骤适合我的实现。
这是我从 curl 请求中收到的完整握手输出
* Rebuilt URL to: https://localhost:5044/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 5044 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: ca.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
这是我在 openssl 密钥创建中使用的 logstash.config 文件。我已将通用名称命名为 localhost,因为这就是我在 /etc/hosts 127.0.0.1 localhostt 中映射的方式
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = XXXXXX
localityName = XXXXXX
postalCode = XXXXXX
organizationName = XXXXXX
organizationalUnitName = XXXXXX
commonName = localhost
emailAddress = XXXXXX
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
logstash 输入插件
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/home/ssl/ca.crt"]
ssl_certificate => "/home/ssl/logstash.crt"
ssl_key => "/home/ssl/logstash.key"
#ssl_verify_mode => "force_peer"
client_inactivity_timeout => 1000
}
}
我希望已经配置了 logstash 接受的 ssl 证书。但是当我尝试使用 curl reuqests 验证它们时,它们不被接受