ssl - Logstash-forwarder says certificate signed by unknown authority when using a self-signed certificate with SubjectAltName


I'm trying to connect Logstash with logstash-forwarder. The communication is based on SSL, and I generated a self-signed certificate following this. I got an error message on the logstash-forwarder side:

Failed to tls handshake with 9.21.61.19 x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "*.*.*.*.*")

If I generate the certificate without Subject Alt Name, it works. The working certificate can be generated by:

openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out lumberjack.crt -subj '/CN=*.*.*.*.*'

But I'm hoping to generate a certificate that can be used on different kinds of hosts. I want to generate an SSL certificate with CN=*.*.*.*.*, and alt names that include *, *.*, *.*.* etc.

Is there any suggestion on how I can overcome this SSL error? Or a better way to make logstash-forwarder work in a variety of environments?

It turns out that when I removed

keyUsage = digitalSignature, keyEncipherment

in [ v3_ca ], which the guide asked for, the generated certificate works for a variety of host names.

This may not be the right scenario for SSL. But for the Logstash/logstash-forwarder case, it helps.
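
Added example, not part of the original post: a Go program (the language logstash-forwarder is written in) that builds self-signed certificates with different keyUsage values and runs `CheckSignatureFrom` with the certificate as its own issuer, the check that returns the "parent certificate cannot sign this kind of certificate" error quoted above. The ECDSA key, the SAN host names, and `basicConstraints = CA:true` are assumptions made for the example; `selfSignedCheck` is a hypothetical helper name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCheck (hypothetical helper) creates a self-signed certificate with
// the given keyUsage and checks its signature with itself as the issuer.
func selfSignedCheck(usage x509.KeyUsage) error {
	// Assumption: ECDSA P-256 for speed; the post's command uses rsa:2048.
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "*.*.*.*.*"},
		// Constructed SubjectAltName entries standing in for the post's alt names.
		DNSNames:              []string{"*.example.internal", "logs.example.internal"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true, // assumption: basicConstraints = CA:true in [ v3_ca ]
		KeyUsage:              usage, // 0 means the keyUsage extension is omitted
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	// A self-signed certificate is its own issuer, so it needs keyCertSign
	// whenever a keyUsage extension is present at all.
	return cert.CheckSignatureFrom(cert)
}

func main() {
	restricted := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	fmt.Println("digitalSignature, keyEncipherment:", selfSignedCheck(restricted))
	fmt.Println("plus keyCertSign:", selfSignedCheck(restricted|x509.KeyUsageCertSign))
	fmt.Println("no keyUsage extension:", selfSignedCheck(0))
}
```

Only the first case fails. Adding `keyCertSign` to the keyUsage line passes the same check while keeping the extension, whereas deleting the line leaves the key unrestricted.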

