Updated on 2024-11-20 GMT+08:00

Managing CA Certificates for a Logstash Cluster

When connecting a Logstash cluster to an Elasticsearch cluster of CSS, you can skip this section and use a default CA certificate. To connect it to other data sources that require security authentication, you need to use a customize certificate by following the procedures described in this topic.

Scenario

  • When a Logstash cluster connects to an Elasticsearch cluster that uses the secure mode and the HTTPS protocol, the default CA certificate preconfigured in CSS can be used to trust the server. Logstash clusters support Viewing Default Certificates.
  • If the Logstash cluster connects to other data sources that require security authentication, you need to upload a custom certificate to trust the server. For details, see Uploading a Custom Certificate.

Viewing Default Certificates

  1. Log in to the CSS management console.
  2. In the navigation pane on the left, choose Clusters > Logstash. The cluster list is displayed.
  3. In the cluster list on the displayed page, click the target cluster name to switch to the Cluster Information page.
  4. In the navigation pane on the left, choose Certificates.
  5. On the Default Certificates tab, view the default CA certificates.

Uploading a Custom Certificate

  1. Prepare the custom certificate.
    • The certificate name contains 4 to 32 characters, and must start with a letter, and end with .cer/.crt/.rsa/.jks/.pem/.p10/.pfx/.p12/.csr/.der/.keystore. The value can contain letters, digits, hyphens (-), underscores (_), and periods (.). Other special characters are not allowed.
    • Up to 50 certificates can be uploaded.
    • The certificate file size cannot exceed 1 MB.
  2. Log in to OBS management console, and upload the custom certificate to an OBS bucket. For details, see Upload Overview.
  3. Log in to the CSS management console.
  4. In the navigation pane on the left, choose Clusters > Logstash. The cluster list is displayed.
  5. In the cluster list, click the target cluster name to switch to the Cluster Information page.
  6. In the navigation pane on the left, choose Certificates.
  7. Click the Custom Certificates tab, and click Upload Certificate. In the Upload Certificate dialog box, set OBS Bucket and Certificate Object.
    • OBS Bucket: Select the OBS bucket that holds the custom certificate.
    • Certificate Object: Click Select. In the Select Certificate Object dialog box, select the custom certificate that has been uploaded to the OBS bucket in advance and click OK.
  8. Click OK to upload the custom certificate.

    After the custom certificate is uploaded, it is displayed in the certificate list.

  9. To delete a custom certificate that you no longer need, click Delete in the Operation column, and then click OK to confirm the deletion.