I have an issue setting up basic security for the Elastic Stack plus secured HTTPS traffic when I try to set it in kibana.yml.
Elastic is working and reachable over HTTPS, but I receive the following error when I try to start Kibana.
I am stuck and don't understand why this is happening.
```
journalctl -u kibana
FATAL Error: ENOENT: no such file or directory, open 'config/kibana-server.key'
```
I also got more details when I allowed root privileges:
```
root@es-master-01:/etc/kibana# /usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml --allow-root
log [21:38:01.076] [info][plugins-service] Plugin "osquery" is disabled.
log [21:38:01.158] [warning][config][deprecation] Config key [monitoring.cluster_alerts.email_notifications.email_address] will be required for email notifications to work in 8.0."
log [21:38:01.178] [fatal][root] Error: error:0909006C:PEM routines:get_name:no start line
    at Object.createSecureContext (_tls_common.js:129:17)
    at Server.setSecureContext (_tls_wrap.js:1323:27)
    at Server (_tls_wrap.js:1181:8)
    at new Server (https.js:66:14)
    at Object.createServer (https.js:91:10)
    at module.exports.internals.Core._createListener (/usr/share/kibana/node_modules/@hapi/hapi/lib/core.js:539:79)
    at new module.exports.internals.Core (/usr/share/kibana/node_modules/@hapi/hapi/lib/core.js:133:30)
    at new module.exports (/usr/share/kibana/node_modules/@hapi/hapi/lib/server.js:23:18)
    at createServer (/usr/share/kibana/src/core/server/http/http_tools.js:108:18)
    at HttpServer.setup (/usr/share/kibana/src/core/server/http/http_server.js:90:48)
    at HttpService.runNotReadyServer (/usr/share/kibana/src/core/server/http/http_service.js:165:26)
    at HttpService.setup (/usr/share/kibana/src/core/server/http/http_service.js:80:18)
    at Server.setup (/usr/share/kibana/src/core/server/server.js:192:23)
    at Root.setup (/usr/share/kibana/src/core/server/root/index.js:47:14)
    at bootstrap (/usr/share/kibana/src/core/server/bootstrap.js:99:5)
    at Command.<anonymous> (/usr/share/kibana/src/cli/serve/serve.js:169:5) {
  library: 'PEM routines',
  function: 'get_name',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}
```
elasticsearch.yml
```yaml
cluster.name: "ELK_Stack"
node.name: es-master-01.
node.master: true
node.data: true
cluster.initial_master_nodes: "192.168.1.10"
path:
  data: /var/lib/elasticsearch
  logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: ["192.168.1.10", "192.168.1.12"]
xpack.security.enabled: true
# Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
# HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: "elasticsearch/es-master-01/http.p12"
```
kibana.yml
```yaml
server.port: 5601
server.host: "0.0.0.0"
server.name: es-master-01
elasticsearch.hosts: ["https://192.168.1.10:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "xxxXXxxx"
elasticsearch.ssl.certificateAuthorities: [ "config/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: config/kibana-server.csr
server.ssl.key: config/kibana-server.key
xpack.security.enabled: true
xpack.encryptedSavedObjects.encryptionKey: 'asmndbaskdhaskdhasdaksjhdkasda'
```