Configure custom SSL for Logstash#
If using Logstash with on-premises Elasticsearch cluster, or if Elasticsearch is secured with a custom certificate, you must separately and explicitly configure Logstash to use the same CA certificate as your Elasticsearch cluster.
For comprehensive instructions, see Elasticsearch: Configuring Logstash to use TLS Encryption
The CA certificate must be accessible on the Logstash host’s filesystem.
E.g.
/etc/logstash/config/certs/ca.crt
Edit Logstash
.conf
. On EclecticIQ Intelligence Center installations, this is usually/etc/logstash/conf.d/eclecticiq.conf
Locate the
output.elasticsearch
block.Edit it to set
ssl
andcacert
attributes:output { elasticsearch { ... ssl => true cacert => '/etc/logstash/config/certs/ca.crt' } }
Restart the Logstash service. Run as root:
systemctl restart logstash