logstash-forwarder requires proper CN names in lumberjack certs

Question

logstash-forwarder requires proper CN names in lumberjack certs

Closed this issue 10 years ago · 2 comments

see elastic/logstash-forwarder#221 for reference.
Since go 1.3+ tls requires proper CN hostnames, or if using IPs to connect to logstash server you need to add the IP as a subjectAlternativeName.

We will need to generate certificates per forwarder node to fix this. We could maybe leverage this
elastic/logstash-forwarder#221 (comment)

I tried this
elastic/logstash-forwarder#221 (comment)
but still had problems, I think it may only work with go 1.2 and below.

Answer 1 · 2015-02-25T14:51:16.000Z

Perhaps we can use the chef node certificate, per elastic/logstash-forwarder#221 (comment). I still don't like the idea that CN must equal hostname when we are using x509 for transport encryption, not necessarily PKI.

Answer 2 · 2015-03-06T16:24:49.000Z

I added a link to elastic/logstash-forwarder#221 (comment) in the readme. I'm not sure what else we can do.