Generating Certificate Fingerprint for Filebeat

Published by Bilal Kaun on

For the purpose of ElasticSearch and Filebeats in particular. The documentation at Elastic does not go into much detail as to what the property ‘ca_sha256‘ is or how to generate it.

The only remark they make is
The pin is a base64 encoded string of the SHA-256 of the certificate.

Not only is this not informative, but also misleading. So the correct way to generate this is via openssl. The correct way is described in the stackoverflow question regarding a non-Elastic query.

$ openssl x509 -in <root-ca.pem> -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

Categories: Architecture
Tags:

0 Comments

Leave a Reply

Related Posts

Architecture

Go ahead, use Float and Double datatypes in Oracle for Money

The nature of decimal types aren’t the same across popular RDBMS For databases such as MySql and Postgres, using Float and Double columns types to store things like money is erroneous and can lead to Read more…