Elastic stack issues Certificates and Kibana is not ready yet

First, thank you very much for your explanations about certificates. I was confused about PKCS8 format and the ecryption of the private key, but now it's OK.

The most likely cause is that your private key has a password (that is, it is encrypted) and you didn't provide that password to Logstash. In that case the code that reads the private key in Logstash will assume it is not encrypted, and then fail because it's not encoded correctly.

Thanks to you I realized that I used the following command :

openssl pkcs8 -in logstash.key -topk8 -out logstash.pkcs8.key

Like you said it, I didn't specify the password to Logstash and in addition I encrypted the private key so the server couldn't read the file.

In the next command I specify -nocrypt option and it generated a new file with the private key in the PKCS8 format without encryption.

openssl pkcs8 -in logstash.key -topk8 -nocrypt -out logstash.pkcs8.key

Note: Thanks to this message too Settings SSL/TLS setup with PKCS8 keys - #2 by ikakavas :slight_smile:

Now the error about certificate disappeared but there is a new one :

Feb 19 14:37:23 logstash logstash[25980]: [2021-02-19T14:37:23,317][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5044, remote: 10.56.244.177:45616] Handling exception: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE

For this one I found a topic with a response from you --> Logstash 7.5 with SSL giving SSLV3_ALERT_BAD_CERTIFICATE - #3 by TimV

And I saw that 10.56.244.177 is my suricata IDS server, the certificate was expirated too. So, Logstash says "I don't trust your certificate" to suricata. So, I changed it and there are no more SSL errors on Logstash.

About Elasticsearch and Kibana :

The few logs which are in the topics are repeated thousand of times. There are no others logs which can helps. I will continue to investigate maybe I will find something more explicit about "Kibana is not ready yet" error !

Anyway, thank you a lot for the help with logstash and certificates.