FATAL Error : error: 0907B068:PEM routines PEM_READ_BIO_PRIVATEKEY bad password read

PinkiMondal · April 13, 2018, 5:13am

Hi All

I am getting this error while executing Kibana.bat
Please tell how to resolve it

FATAL Error: error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read
at Error (native)
at Object.createSecureContext (_tls_common.js:90:19)
at Server (_tls_wrap.js:776:25)
at Server (https.js:26:14)
at new Server (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\node_modules@elastic\httpolyglot\lib\index.js:20:18)
at Object.exports.createServer (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\node_modules@elastic\httpolyglot\lib\index.js:122:10)
at KbnServer.exports.default (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\http\setup_connection.js:40:37)
at D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\kbn_server.js:149:20
at next (native)
at step (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\kbn_server.js:77:191)
at D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\kbn_server.js:77:437
at D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\kbn_server.js:77:99
at KbnServer.mixin (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\kbn_server.js:165:7)
at KbnServer. (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\http\index.js:56:21)
at next (native)
at step (D:\PinkiMondal\elastic5\kibana-5.4.1-windows-x86-SSL\kibana-5.4.1-windows-x86\src\server\http\index.js:49:191)

thomasneirynck · April 13, 2018, 6:57pm

hi @PinkiMondal,

do you have any more information? Is this just the vanilla version of Kibana for Windows? Have you made any modifications to the kibana.yml?

PinkiMondal · April 16, 2018, 4:12am

Yes I have added SSL configuration as shown below:

Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
The default is 'localhost', which usually means remote machines will not be able to connect.
To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "localhost"

Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
to Kibana. This setting cannot end in a slash.
server.basePath: ""

The maximum payload size in bytes for incoming server requests.
server.maxPayloadBytes: 1048576

The Kibana server's name. This is used for display purposes.
server.name: "your-hostname"

The URL of the Elasticsearch instance to use for all your queries.
server.host: "127.0.0.1"

elasticsearch.preserveHost: true

elasticsearch.url: "https://127.0.0.1:9200"

elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"

Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: D:/PinkiMondal/elastic5/elasticsearch-5.4.1-SSL/elasticsearch-5.4.1/config/search-guard-certificates/node-certificates/cert.pem
server.ssl.key: D:/PinkiMondal/elastic5/elasticsearch-5.4.1-SSL/elasticsearch-5.4.1/config/search-guard-certificates/node-certificates/key.pem

Optional settings that provide the paths to the PEM-format SSL certificate and key files.
These files validate that your Elasticsearch backend uses the same key files.
elasticsearch.ssl.certificate: D:/PinkiMondal/elastic5/elasticsearch-5.4.1-SSL/elasticsearch-5.4.1/config/search-guard-certificates/node-certificates/cert.pem
elasticsearch.ssl.key: D:/PinkiMondal/elastic5/elasticsearch-5.4.1-SSL/elasticsearch-5.4.1/config/search-guard-certificates/node-certificates/key.pem

elasticsearch.ssl.certificateAuthorities: ["D:/PinkiMondal/elastic5/elasticsearch-5.4.1-SSL/elasticsearch-5.4.1/config/search-guard-certificates/root-ca/root-ca.pem"]

elasticsearch.ssl.verificationMode: certificate

elasticsearch.requestTimeout: 60000

console.proxyConfig:

match:
protocol: "https"
ssl:
verify: false

searchguard.basicauth.enabled: true
searchguard.cookie.secure: true
searchguard.cookie.ttl: 0
searchguard.session.ttl: 600000
searchguard.session.keepalive: false

kibana login page
searchguard.basicauth.login.showbrandimage: true
searchguard.basicauth.login.brandimage: http://static.sify.com/cms/image/qkvmHeeeaffed.jpg
searchguard.basicauth.login.title: Please login to Kibana
headers, set this value to [] (an empty list).
elasticsearch.requestHeadersWhitelist: [ authorization ]
headers, set this value to [] (an empty listelasticsearch.requestHeadersWhitelist: [ authorization ]

Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten

system · May 14, 2018, 4:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.