Filebeat private key parse error

Elastic Stack Beats
3

Hi Adrian,

thank you for your support. Unfortunately it's still not working and the same error occurs.

My set up is the following:

VM1 (eStack)
Kibana-->Elasticsearch<--Logstash

<|Stunnel|>

VM2 (eClient)
Redis<--Filebeat

VM1 is also my CA.

May be this helps for further troubleshooting.

Best regards,
Simon

Appendix:

eClient:/etc/filebeat/certs # openssl s_client -connect eClient:443 -CAfile signing-ca-chain.pem -cert client1.crt -key client1.key -showcerts -debug
Enter pass phrase for client1.key:

CONNECTED(00000003)
write to 0x18f02e0 [0x18f0360] (293 bytes => 293 (0x125))
[...]
read from 0x18f02e0 [0x18f58c0] (7 bytes => 7 (0x7))
[...]
read from 0x18f02e0 [0x18f58ca] (92 bytes => 92 (0x5C))
[...]
read from 0x18f02e0 [0x18f58c3] (5 bytes => 5 (0x5))
0000 - 16 03 03 11 1b                                    .....
read from 0x18f02e0 [0x18f58c8] (4379 bytes => 3992 (0xF98))
[...]
read from 0x18f02e0 [0x18f6860] (387 bytes => 387 (0x183))
[...]                                j[.
depth=2 DC = com, DC = de, O = CGI, OU = RePub, CN = eStack Root CA
verify return:1
depth=1 DC = com, DC = de, O = CGI, OU = RePub, CN = eStack Signing CA
verify return:1
depth=0 DC = com, DC = de, O = CGI, CN = eStack
verify return:1
read from 0x18f02e0 [0x18f58c3] (5 bytes => 5 (0x5))
[...]
read from 0x18f02e0 [0x18f58c8] (589 bytes => 589 (0x24D))
[...]
read from 0x18f02e0 [0x18f58c3] (5 bytes => 5 (0x5))
[...]
write to 0x18f02e0 [0x18ff560] (12 bytes => 12 (0xC))
[...]
write to 0x18f02e0 [0x18ff560] (75 bytes => 75 (0x4B))
[...]
write to 0x18f02e0 [0x18ff560] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
write to 0x18f02e0 [0x18ff560] (45 bytes => 45 (0x2D))
[...]
read from 0x18f02e0 [0x18f58c3] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x18f02e0 [0x18f58c8] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
140080001230480:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140080001230480:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
 0 s:/DC=com/DC=de/O=CGI/CN=eStack
   i:/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Signing CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
 1 s:/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Signing CA
   i:/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
 2 s:/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Root CA
   i:/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
---
Server certificate
subject=/DC=com/DC=de/O=CGI/CN=eStack
issuer=/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Signing CA
---
Acceptable client certificate CA names
/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Signing CA
/DC=com/DC=de/O=CGI/OU=RePub/CN=eStack Root CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5338 bytes and written 138 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9452A41BA37702F4CF049E9F9BE309BBD8116FBD54D01D695DE58676F44F9869
    Session-ID-ctx:
    Master-Key: 4B5E5891948F82244B0411F11365BDCB590A03B0E6AE0DB7CBAF65064F06117BAD54630146008109A3F12152500D8E06
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1518601431
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

eClient:/etc/filebeat/certs # openssl s_client -state -nbio -connect eClient:443 2>&1 | grep "^SSL"

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:error in SSLv3 read server certificate A
SSL_connect:error in SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
SSL handshake has read 5338 bytes and written 138 bytes
SSL-Session: