Tech Chorus

Generating Self-Signed Certificate For Logstash And Other Services

written by Sudheer Satyanarayana on 2020-06-11

When configuring Logstash with an SSL certificate, you need the certificate and its private key. You can generate both yourself using openssl.

Start by copying the system OpenSSL configuration file. For Fedora/CentOS

cp /etc/pki/tls/openssl.cnf my_openssl.cnf

For Ubuntu

cp /etc/ssl/openssl.cnf my_openssl.cnf

Edit the file my_openssl.cnf and in the v3_ca section add the subjectAltName:

subjectAltName = IP: 192.168.200.19

If you have multiple IP addresses, use a comma-separated list. For example:

subjectAltName = IP: 192.168.200.19,IP: 192.168.200.20

If you are using this for Logstash, use the IP address of the Logstash server.

Generate the certificate and key

openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout my.key -out my.crt -config my_openssl.cnf

Convert the private key to PKCS8 format

openssl pkcs8 -in my.key -topk8 -nocrypt -out my.p8

Use my.key and my.crt in your Logstash configuration.
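The steps above as one script, followed by checks that the certificate carries the expected IP SANs and that both key files belong to it. This is an added example, not part of the original post: the minimal config is a constructed stand-in for the edited my_openssl.cnf, and the CN logstash.example and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The config written here is a constructed, minimal stand-in
# for my_openssl.cnf; CN and function names are hypothetical.

make_cert() {            # $1 = output directory, $2 = subjectAltName value
    ( umask 077          # -nodes leaves the key unencrypted: keep it owner-only
      printf '%s\n' \
          '[ req ]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
          'prompt = no' \
          '[ dn ]' 'CN = logstash.example' \
          '[ v3_ca ]' 'basicConstraints = CA:true' "subjectAltName = $2" \
          > "$1/my_openssl.cnf" &&
      openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 \
          -keyout "$1/my.key" -out "$1/my.crt" \
          -config "$1/my_openssl.cnf" 2>/dev/null &&
      openssl pkcs8 -in "$1/my.key" -topk8 -nocrypt -out "$1/my.p8" )
}

cert_has_ip() {          # $1 = certificate, $2 = IP that must be in the SAN
    # Split the SAN line into entries and require an exact match, so that
    # 192.168.200.1 does not pass because 192.168.200.19 is present.
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "IP Address:$2"
}

key_matches_cert() {     # $1 = certificate, $2 = private key (my.key or my.p8)
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

is_pkcs8() {             # unencrypted PKCS#8 PEM starts with this header
    [ "$(head -n 1 "$1")" = "-----BEGIN PRIVATE KEY-----" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" 'IP:192.168.200.19,IP:192.168.200.20' || return 1
    for ip in 192.168.200.19 192.168.200.20; do
        cert_has_ip "$d/my.crt" "$ip" && echo "SAN contains $ip"
    done
    key_matches_cert "$d/my.crt" "$d/my.p8" && echo "my.p8 matches my.crt"
    is_pkcs8 "$d/my.p8" && echo "my.p8 is unencrypted PKCS#8"
    rm -rf "$d"
}
demo
```

A client that connects to an IP address missing from the SAN will fail certificate verification, so run the SAN check against every address the Logstash server is reached on.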

Tags: logstash openssl ssl tls certificate key fedora