All Collections
Logs Management
How to update your SSL configuration for Elastic Beats and Rsyslog
How to update your SSL configuration for Elastic Beats and Rsyslog
Kieran Southern avatar
Written by Kieran Southern
Updated over a week ago

To view the SSL Certificate Expiry Notice it can be found here.

The updated certificate file contains both the old and new root certificates and should be updated as soon as possible, if you have any issues with the new certificate, please contact us.


If you’re not sending over an encrypted connection no changes are required, but we would urge you to upgrade to a TLS endpoint.

Look for the double @@ before the logstash address to confirm.

Sample configuration snippet:

$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/

$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *


Rsyslog will only accept a single file name to verify the SSL connection with, but you can have more than one certificate in that file.

Replace the certificate file with a new file available from here

Restart rsyslog and confirm it’s reconnected and still sending data and reporting no errors.

Legacy Filebeat / Metricbeat / Other Elastic Beats 

With older configurations (typically v1.3 or below) you may have specified a certificate_authority and will need to update the intermediate.crt on your system, see below and example:


    certificate_authorities: ['/etc/pki/tls/certs/']
    enabled: true

Please download the new certificate and replace the old intermediate.crt.

Newer configurations that do not specify a certificate_authority are unlikely to require configuration changes, however you may need to add our intermediate to your certificate store as per your OS defaults, see below for an example which requires no action:

  ssl.enabled: true

Did this answer your question?