Certificate only works from client side, how do I debug something like this? (graylog/filebeat/JVM keystore)

Damian Games

3/8/24, 10:54 AM

I created 2 key-certificate pairs with the exact same method. However, while trying to setup TLS on my graylog server to a remote filebeat node, it does not successfully connect when trying to connect with a regular certificate validating the authenticity of the graylog server.

Then, if disable server side TLS but I enable client authentication, it miraculously works and I have a TLS connection. I have no idea how to debug this? I have checked the files are readable by the user, mounted into the container, correct path. I also turned the filebeat authentication all the way down to only check validity and not domain, in case there was some spelling issue or other with the domain name.

I have tried wireshark and there is some TLS activity going on but honestly my knowledge is very limited with certs. Do I really have to become an expert on the handshake to add a simple TLS?

I am using the certificate as its own CA which worked fine for the client authentication.

0 + 0

ubuntu

ssl

logstash

filebeat

graylog

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Certificate only works from client side, how do I debug something like this? (graylog/filebeat/JVM keystore)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.