A change has been made in Log Insight 3.0 in regards to how SSL management is handled. Read on to learn more!
Background
In Log Insight 2.0 clustering was introduced. With Log Insight 2.0 uploading a SSL certification via the Administration UI only changed the SSL certificate on the cluster master node. This made sense at the time since the UI was only served by the cluster master node and the Windows agent only supported sending unencrypted messages.
In Log Insight 2.5, the Linux agent was introduced and both the Windows and Linux agent featured the ability to send encrypted messages. This introduced an issue with Log Insight clusters using the integrated load balancer as the load balancer master node needed to have the proper SSL certificate. Since all Log Insight nodes come with unique SSL certificates and uploading a SSL certificate via the integrated load balancer only updated the cluster master node certificate one had to manually go to the UI of each worker and update the SSL certificate.
New in 3.0
In 3.0 the additional manual work has been removed! Upon upgrading to 3.0 the SSL certificate on the cluster master node will automatically be replicated to all existing as well as all future workers nodes. In addition, if a new SSL certificate is uploaded via the Administration section it will also be replicated to all nodes. This means you have full control of SSL management from a central location.
Summary
In Log Insight 3.0 all nodes within a cluster have the same SSL certificate automatically. This applies for upgraded instances, new instances and even new nodes added to existing clusters. This SSL certificate is used for both ingestion as well as query traffic.
© 2015, Steve Flanders. All rights reserved.
