Secure communication from Logstash to OpenSearch cluster

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.8.0

Describe the issue:

Hi guys, recently a company has been merged into ours and they are sending test logs into the OpenSearch cluster from their Logstash server (this is all performed in a test env).
We wanted to have secure communication between Logstash and OpenSearch, since it comes through the internet (cross AWS account configuration).
In the testing environment we are using demo certificates (generated by the security admin script) for both ssl.http and ssl.transport communication.

ssl http is the configuration used to communicate with the cluster from the client end.

One of the articles said I can copy the certificate from the node (to which I will be sending logs), upload it to the Logstash server, and specify the configuration and path in the output configuration.
But that did not work, resulting in the error message below:

Certificate for doesn’t match any of the subject alternative names: [node-0…com, localhost, 127.0.0.1]

Configuration:
Logstash output config

output {
  opensearch {
    hosts => [ "https://" ]
    http_compression => true
    ssl => true
    cacert => "/path/to/demoroot-ca.pem"
    username => "username "
    password => "password "
    index => "test-index-%{+YYYY.MM.dd}"
  }
}

Can you please let me know if this is the correct way to do it?
Some of the documentation said SANs are configured while generating certificates.
I'm afraid that if I generate a new certificate and have it configured in one of the nodes, this will mess up the cluster formation.

Can you please help me with this?
Thank you

        ssl_certificate_verification => false

Might need to be added.


@jasonrojas Thank you for the reply.
It did work after adding this:

ssl_certificate_verification => false

Since certificate verification is set to false, will the communication still be secure / will the data still be encrypted between Logstash and OpenSearch?

Thank you

It will still communicate over TLS; however, it's just not validating the certs, since it looks like you are using self-signed certs.


Thank you so much
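
The error in the first post is a host name check: the name or IP in the Logstash `hosts` URL has to equal one of the certificate's SAN entries, and with `ssl_certificate_verification => false` that check is skipped, so the traffic is encrypted but the server is not authenticated. The Python below is an added example, not code from this thread or from Logstash/OpenSearch; it applies simplified RFC 6125-style matching to show which `hosts` values would verify against a given SAN list. The SAN list and all host names in it are constructed placeholders, and entries that parse as IP addresses are assumed to be IP SANs.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample shaped like the SAN list in the error; names are placeholders.
SAMPLE_SANS = ["node-0.example.com", "localhost", "127.0.0.1"]

def host_from_url(url):
    """Host part of a Logstash `hosts` entry, with or without a scheme."""
    return urlsplit(url if "//" in url else "//" + url).hostname

def as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def dns_san_matches(pattern, host):
    """Compare one DNS SAN with a host name, label by label, ignoring case."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*" covers exactly one left-most label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def matching_sans(host, sans):
    """SAN entries that authenticate `host`; an empty list means a mismatch."""
    ip = as_ip(host)
    hits = []
    for san in sans:
        san_ip = as_ip(san)
        if ip is not None:
            # An IP literal in `hosts` is only compared with IP SANs.
            if san_ip == ip:
                hits.append(san)
        elif san_ip is None and dns_san_matches(san, host):
            hits.append(san)
    return hits

def preflight(hosts, sans):
    return {url: matching_sans(host_from_url(url), sans) for url in hosts}

if __name__ == "__main__":
    urls = ["https://node-0.example.com:9200", "https://10.0.0.5:9200"]
    for url, hits in preflight(urls, SAMPLE_SANS).items():
        print(url, "->", hits or "no matching SAN: verification would fail")
```

If the address Logstash uses is not in the list, either point `hosts` at a name that is, or have the node certificate reissued with that address as a SAN, and keep verification enabled.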