Wednesday, 8 October 2014

Centralising Windows logs securely using NXLog and LogStash (Part 2 - Creating a self-signed certificate)


There are other ways of creating a self-signed certificate, but I'll be using a Debian Wheezy box and the 'openssl' utility.


1. Create a private key

This will create a 2048-bit private key, and save it in a file called 'logstash-server.key'

# openssl genrsa -out logstash-server.key 2048





2. Create a certificate signing request

# openssl req -new -key logstash-server.key -out logstash-server.csr

Fill out the details as required.  I've highlighted & obfuscated my input on the screenshot below.




There are now two files - the private key file and the CSR file


The private .key file needs to be kept in a secure place, and the contents of the file should be similar to that shown below.


The CSR file can be viewed as well


...and can be checked by typing this command

# openssl req -in logstash-server.csr -noout -text


3. Self-sign the request

Now we need to sign the CSR with the private key generated earlier.  (Note - for non-self-signed certificates, the CSR would be signed by a trusted certificate authority's private key.)

# openssl x509 -req -days 1830 -in logstash-server.csr -signkey logstash-server.key -out logstash-server.crt

A certificate file (ending .crt) will be generated.


And openssl can show details of the signed certificate.

# openssl x509 -in logstash-server.crt -text -noout

Notice that the Issuer is the same as the Subject (i.e. self-signed) and that the expiry date is 1830 days from now.


4. So where are we now?

We have a private key and a self-signed certificate.  The .csr can be deleted if you want.  The only reason to keep it is if the certificate needs to be renewed.
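
The three steps above as one non-interactive script, followed by the checks the post does by eye (Issuer equals Subject, 1830-day expiry) plus a key/certificate match and a key-file permission check. This is an added example, not part of the original post; the function names and the subject CN logstash.example.test are assumptions.

```shell
#!/bin/sh
# Added example: the page's three openssl steps, run non-interactively, then checked.
# The subject CN used below is a constructed placeholder, not a value from the page.

make_selfsigned() {   # $1 = output directory, $2 = subject string for -subj
    dir=$1; subj=$2
    # umask 077 in a subshell so the private key is created owner-only (0600)
    ( umask 077; openssl genrsa -out "$dir/logstash-server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/logstash-server.key" -subj "$subj" \
        -out "$dir/logstash-server.csr" || return 1
    openssl x509 -req -days 1830 -in "$dir/logstash-server.csr" \
        -signkey "$dir/logstash-server.key" -out "$dir/logstash-server.crt" 2>/dev/null
}

is_self_signed() {    # $1 = certificate; true when Issuer equals Subject
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

key_matches_cert() {  # $1 = private key, $2 = certificate; compares RSA moduli
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

valid_for_days() {    # $1 = certificate, $2 = days; true if still valid after that long
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

key_mode() {          # $1 = file; prints the ls permission string, e.g. -rw-------
    ls -l "$1" | cut -c1-10
}

# Demo run in a scratch directory so nothing is left behind
tmp=$(mktemp -d)
if make_selfsigned "$tmp" "/CN=logstash.example.test" &&
   is_self_signed "$tmp/logstash-server.crt" &&
   key_matches_cert "$tmp/logstash-server.key" "$tmp/logstash-server.crt" &&
   valid_for_days "$tmp/logstash-server.crt" 1829 &&
   [ "$(key_mode "$tmp/logstash-server.key")" = "-rw-------" ]; then
    echo "all checks passed"
else
    echo "check failed" >&2
fi
rm -rf "$tmp"
```
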

Next... let's configure LogStash to use the certificate.
