elasticsearch ssl logstash elastic-stack logstash-configuration

Logstash Elasticsearch input plugin mTLS support


I have a question related to mutual TLS authentication when using the Logstash Elasticsearch input plugin. I have an Elasticsearch cluster installed and configured to work over TLS using mutual authentication.

Now I want to read from this cluster and send it to the output. Let's skip output plugin part for now.

Below is the Logstash configuration I applied:

input {
    elasticsearch {
        hosts => ["host:port"]
        ssl => true
        user => "myUser"
        password => "myPassword"
        ca_file => "path/to/my/certificate/authority/cert.pem"
        index => "index_name"
    }
}

As far as I understand, ca_file is used to validate the certificate that comes from Elasticsearch (server side) as part of the TLS handshake.

My questions are:

  1. One-way TLS. The ssl flag is enabled and ca_file is populated, but is there any configuration option with which I could state that I don't need to verify the hostname I am working with?

  2. Mutual TLS case. How can I provide a client certificate or keystore to Logstash, so that this certificate can be used by the Elasticsearch cluster (server) to authenticate Logstash (client)? Is there such an option? Does the Logstash Elasticsearch input plugin really support that?


Solution

  • The answer is no to both questions. The elasticsearch output supports client certificates (using the keystore option) and non-name-matched certificates (through the ssl_certificate_verification option), but the input supports neither.
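
For contrast with the input block in the question, here is how the two output-side options named in the answer fit into an elasticsearch output block. This is an added example, not part of the original answer: the host, index, file paths and environment variable names are placeholders, and cacert and keystore_password are assumed to be available in the same plugin version as the keystore and ssl_certificate_verification options the answer mentions.

```logstash
output {
    elasticsearch {
        hosts => ["host:port"]
        ssl => true
        user => "myUser"
        # Placeholder variable: resolved from the environment (or the Logstash
        # keystore) so the secret is not stored in the pipeline file.
        password => "${ES_PASSWORD}"

        # Server authentication: CA used to validate the certificate that
        # Elasticsearch presents during the TLS handshake.
        cacert => "path/to/my/certificate/authority/cert.pem"

        # Client authentication (mutual TLS): keystore holding the client
        # certificate and private key that Logstash presents to the cluster.
        keystore => "path/to/client/keystore.jks"
        keystore_password => "${KEYSTORE_PASSWORD}"

        # Leave verification on. Setting this to false does more than skip
        # the hostname match: the server certificate is no longer validated,
        # so the connection can be intercepted. For a name mismatch, reissue
        # the server certificate with the correct subject alternative name.
        ssl_certificate_verification => true

        index => "index_name"
    }
}
```

The keystore file contains a private key, so restrict its permissions to the account that runs Logstash.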