Filebeats SSL/Cert Validity issue

[mikeeaton83]

Hi,

So I created a self signed ssl which starts at 13.28:

[root@web-01-iom ~]# openssl x509 -startdate -noout -in /etc/pki/tls/certs/logstash-forwarder.crt
notBefore=Mar 30 13:28:11 2016 GMT

When trying to (re)start Filebeat i get the following error:

2016/03/30 13:47:55.988952 transport.go:125: ERR SSL client failed to connect with: x509: certificate has expired or is not yet valid
Stopping filebeat:                                         [  OK  ]
Starting filebeat: 2016/03/30 13:47:56.110564 transport.go:125: ERR SSL client failed to connect with: x509: certificate has expired or is not yet valid
                                                           [  OK  ]

Notice the date/time stamp? it's an hour behind, but the SSL cert is still valid..

The dateime on the server is actually:

[root@web-01-iom ~]# date
Wed Mar 30 14:48:24 BST 2016

EDIT:

Just to prove it hasn't expired..

[root@web-01-iom ~]# openssl x509 -enddate -noout -in /etc/pki/tls/certs/logstash-forwarder.crt
notAfter=Mar 28 13:28:11 2026 GMT

Let me know if you need anything else.

[sjsadowski]

I don't think it has to do with expiration, it's that go can't validate the full chain. Most self-signed certificates would not be considered 'valid' in a production environment.

With that being said, you probably generated a CA cert when generating the self-signed cert - is that configured in filebeat as per: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-output-tls.html ?