Configuring SSL for Logstash

When you plan to configure SSL for Logstash, you may consider the following scenarios:

Scenario A: If you are planning to configure SSL during the installation of Logstash, follow these sequence of steps:

  1. Complete the installation of Logstash.

  2. Configure SSL for Logstash. Follow the steps described in the Configuring SSL section.

  3. Start the Logstash service.

  4. Set up external data integration with PeopleSoft.

    See Setting Up the Integration of External Data with PeopleSoft.

Scenario B: If you have installed Logstash and completed setting up external data integration with PeopleSoft, follow these sequence of steps:

  1. Navigate to the Manage External Search Index page (PeopleTools > Search Framework > Deploy External Source Defns > Manage External Search Index) and select Stop to abort the indexing process.

    See Building an Index for an External Data Search Definition.

  2. Delete the external search index if not required.

  3. Stop the Logstash service.

  4. Configure SSL for Logstash. Follow the steps described in the Configuring SSL section.

  5. Start the Logstash service.

  6. Set up external data integration with PeopleSoft.

    See Setting Up the Integration of External Data with PeopleSoft.

Configuring SSL

When you configure SSL for Logstash, you need to set the SSL Option field (in the Logstash section) on the Search Instance Properties page to Enable.

To set up SSL for Logstash, complete these steps:

  1. Encrypt the keystore password using the following steps:

    Windows:

    set LOGSTASH_HOME= <Install_Dir>\pt\Logstash8.6.0
set JAVA_HOME= <JAVA_HOME>
LOGSTASH_HOME\pt\bin>PSLSCipher.bat <keystore password>

    Linux:

    export LOGSTASH_HOME= <Install_Dir>\pt\Logstash8.6.0
export JAVA_HOME= <JAVA_HOME>
LOGSTASH_HOME\pt\bin>PSLSCipher.sh <keystore password>

  2. Edit the following parameters in the http section of the orcl_psft_main.config file, which is located at <LOGSTASH_HOME>/orcl_psft_ext_config/orcl_psft_main.config. Copy the encrypted password from step 1 and include in the keystore password parameter.

    input {
  http {
    host => "xxxxxx" # default: 0.0.0.0
    port => yyyy # default: 9800
    ssl => "true"
    keystore => "<Path to Keystore>/mykeystore.jks"
    keystore_password => "<Encrypted Keystore password>"
  }
}

  3. Edit the cacert parameter in the output_type_opensearch section of the psftextdata.template file, which is located at <LOGSTASH_HOME>/orcl_psft_ext_config/orcl_psft_main.config.

    For the cacert parameter, enter the path to the certificate file. For example, if path to the certificate file is C:\dir1\dir2\RootCA.cer, the cacert parameter value should be cacert => "C:\dir1\dir2\RootCA.cer as shown in the following sample:

    <output_type_opensearch>
   opensearch {
     hosts => ["<output.opensearch.hosts>"]
     index => "<output.opensearch.index>"
     user => "osadmin"
     password => "<Encrypted Password>"
     cacert => "C:\dir1\dir2\RootCA.cer"
   }
</output_type_opensearch>

  4. Start the Logstash server using the following batch scripts:

    Windows:

    start_psftext_logstash.bat

    Linux:

    start_psftext_logstash.sh

After setting up SSL for Logstash, you can configure the external data setup, and then begin the indexing process.