[REQUEST]: Document Extended Key Usage for logstash output

[jguay]

Description

There is no mention of Extended Key Usage (RFC 3280 extension point 4.2.1.13) required value(s) when certificates are not generated using elasticsearch-certutil to secure agent connection to fleet-managed logstash output

Possible improvement

Confirm the requirements are same as for beats example for filebeat doc and just copy the same statement at the beginning of https://www.elastic.co/guide/en/fleet/current/secure-logstash-connections.html#generate-logstash-certs:

If you choose not to use certutil, the certificates that you obtain must allow for both clientAuth and serverAuth if the extended key usage extension is present.

Resources

Potentially check we use same libbeat code for logstash output managed by fleet so requirements documented for beats would apply equally

Collaboration

The documentation team will investigate the issue and create the initial content.

Point of contact.

Main contact: @jguay

Stakeholders:

[kilfoyle]

I've opened a docs PR: #1758
We'll just need confirmation from development to make sure that the requirement applies to Fleet's Logstash output as it does to Filebeat.

[colleenmcginnis]

@kilfoyle do you want to see this one through or would you like to hand it off?

[kilfoyle]

@colleenmcginnis Thanks. I'm happy to hand it off. I don't think I can transfer authorship of the PR, but I don't mind keep it open if that helps. I'm reluctant to merge it until we have confirmation from engineering.

[colleenmcginnis]

We can keep it open, and I'll just assign myself and shepherd it along if that's ok with you. 🙂

[kilfoyle]

Sure thing. Thanks Colleen!