diff --git a/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md b/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md index d1d02512cd..b405e03874 100644 --- a/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md +++ b/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md @@ -388,7 +388,7 @@ In this section, you configure {{ls}} to send the Metricbeat and Filebeat data t ilm_enabled => true cloud_id => ":" <1> cloud_auth => "elastic:" <2> - ssl => true + ssl_enabled => true # api_key => "" } } @@ -455,7 +455,7 @@ In this section, you configure {{ls}} to send the Metricbeat and Filebeat data t elasticsearch { index => "%{[@metadata][beat]}-%{[@metadata][version]}" cloud_id => "" - ssl => true + ssl_enabled => true ilm_enabled => true api_key => "2GBe63fBcxgJAetmgZeh:aB1cdeF-GJI23jble4NOH4" # user => "" diff --git a/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md b/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md index 67ddb6bf57..64d695b02f 100644 --- a/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md +++ b/manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md @@ -294,7 +294,7 @@ In this section, we configure Logstash to send the MySQL data to Elasticsearch. ilm_enabled => false cloud_id => ":" <1> cloud_auth => "elastic:" <2> - ssl => true + ssl_enabled => true # api_key => "" } } @@ -355,7 +355,7 @@ In this section, we configure Logstash to send the MySQL data to Elasticsearch. elasticsearch { index => "rdbms_idx" cloud_id => "" - ssl => true + ssl_enabled => true ilm_enabled => false api_key => "2TBR42gBabmINotmvZjv:tV1dnfF-GHI59ykgv4N0U3" # user => "" diff --git a/reference/fleet/ls-output-settings.md b/reference/fleet/ls-output-settings.md index 50ff011237..d36c1034ca 100644 --- a/reference/fleet/ls-output-settings.md +++ b/reference/fleet/ls-output-settings.md @@ -31,7 +31,7 @@ input { ssl_certificate_authorities => [""] ssl_certificate => "" ssl_key => "" - ssl_verify_mode => "force_peer" + ssl_client_authentication => "required" } } output { @@ -41,7 +41,7 @@ output { api_key => "" <3> data_stream => true ssl_enabled => true - # cacert => "" + ssl_certificate_authorities => "" } } ``` diff --git a/reference/fleet/secure-logstash-connections.md b/reference/fleet/secure-logstash-connections.md index 5deaf99eda..1640e62927 100644 --- a/reference/fleet/secure-logstash-connections.md +++ b/reference/fleet/secure-logstash-connections.md @@ -118,7 +118,7 @@ output { cloud_id => "xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx=" <1> api_key => "xxxx:xxxx" <2> data_stream => true - ssl => true <3> + ssl_enabled => true <3> } } ``` @@ -147,8 +147,8 @@ output { hosts => "https://xxxx:9200" api_key => "xxxx:xxxx" data_stream => true - ssl => true - cacert => "/path/to/http_ca.crt" <1> + ssl_enabled => true + ssl_certificate_authorities => "/path/to/http_ca.crt" <1> } } ``` diff --git a/solutions/observability/apm/apm-server/configure-logstash-output.md b/solutions/observability/apm/apm-server/configure-logstash-output.md index 2f57731555..d302f432a4 100644 --- a/solutions/observability/apm/apm-server/configure-logstash-output.md +++ b/solutions/observability/apm/apm-server/configure-logstash-output.md @@ -301,7 +301,7 @@ To use SSL mutual authentication: * `ssl`: When set to true, enables {{ls}} to use SSL/TLS. * `ssl_certificate_authorities`: Configures {{ls}} to trust any certificates signed by the specified CA. * `ssl_certificate` and `ssl_key`: Specify the certificate and key that {{ls}} uses to authenticate with the client. - * `ssl_verify_mode`: Specifies whether the {{ls}} server verifies the client certificate against the CA. You need to specify either `peer` or `force_peer` to make the server ask for the certificate and validate it. If you specify `force_peer`, and APM Server doesn’t provide a certificate, the {{ls}} connection will be closed. If you choose not to use [`certutil`](elasticsearch://reference/elasticsearch/command-line-tools/certutil.md), the certificates that you obtain must allow for both `clientAuth` and `serverAuth` if the extended key usage extension is present. + * `ssl_client_authentication`: Specifies whether the {{ls}} server verifies the client certificate against the CA. If you specify `required` and APM Server doesn’t provide a certificate, the {{ls}} connection will be closed. If you choose not to use [`certutil`](elasticsearch://reference/elasticsearch/command-line-tools/certutil.md), the certificates that you obtain must allow for both `clientAuth` and `serverAuth` if the extended key usage extension is present. For example: @@ -309,11 +309,11 @@ To use SSL mutual authentication: input { beats { port => 5044 - ssl => true + ssl_enabled => true ssl_certificate_authorities => ["/etc/ca.crt"] ssl_certificate => "/etc/server.crt" ssl_key => "/etc/server.key" - ssl_verify_mode => "force_peer" + ssl_client_authentication => "required" } } ```