ssl - Logstash-forwarder says certificate signed by unknown authority when using a self-signed certificate with SubjectAltName -
i'm trying connect logstash logstash-forwarder. communication base on ssl generate self-signed certificate follows this. got error message on logstash-forwarder side:
failed tls handshake 9.21.61.19 x509: certificate signed unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign kind of certificate" while trying verify candidate authority certificate "*.*.*.*.*")
if generate certificate without subject alt name, work. worked certificate can generated by:
openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout lumberjack.key -out lumberjack.crt -subj /cn=*.*.*.*.*
but i'm hoping generate certificate can used in different kinds of host. want generate ssl certificate cn=*.*.*.*.*, alt names include *, *.*, *.*.* etc.
is there suggestion on how can overcome ssl error? or better way make logstash-forwarder can work in variety of environments?
turns out, when removed
keyusage = digitalsignature, keyencipherment
in [ v3_ca ]
, asked in guide, generated certificate works variety of host names.
this may not right scenario ssl. logstash/logstash-forwarder case, helps.
Comments
Post a Comment