Kibana issue with PEM format

*Running ELK 7.9

Apparently Kibana is not able to read/parse certificate/key files in PEM format. These files were generated via /usr/share/elasticsearch/bin/elasticsearch-certutil csr, so it should work like a charm, but instead I am getting the following error:

{"type":"log","@timestamp":"2020-08-25T20:09:08Z","tags":["fatal","root"],"pid":14464,"message":"Error: error:0909006C:PEM routines:get_name:no start line\n at Object.createSecureContext (_tls_common.js:135:17)\n at Server (_tls_wrap.js:903:27)\n at new Server (https.js:62:14)\n at Object.createServer (https.js:85:10)\n at module.exports.internals.Core._createListener (/usr/share/kibana/node_modules/hapi/lib/core.js:491:79)\n at new module.exports.internals.Core (/usr/share/kibana/node_modules/hapi/lib/core.js:112:30)\n at new module.exports (/usr/share/kibana/node_modules/hapi/lib/server.js:25:18)\n at createServer (/usr/share/kibana/src/core/server/http/http_tools.js:110:18)\n at HttpServer.setup (/usr/share/kibana/src/core/server/http/http_server.js:84:48)\n at HttpService.runNotReadyServer (/usr/share/kibana/src/core/server/http/http_service.js:162:26)\n at HttpService.setup (/usr/share/kibana/src/core/server/http/http_service.js:78:18)"}

My kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: "/etc/kibana/certs/kibana-server.csr"
server.ssl.key: "/etc/kibana/certs/kibana-server.key"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/elastic-stack-ca.p12" ]
elasticsearch.ssl.verificationMode: certificate


Am I doing something wrong?
Please help!

Thank you


I was able to confirm that Kibana supports PKCS#12 format, so I won't need the PEM format.

I believe there's still an issue with the PEM format and Kibana that might be affecting other users, so ELK team, please feel free to just close this thread or to continue investigating for those who might need a solution.

Thank you

Glad you got this working! Also note that you were trying to use a CSR file, which is not a certificate but a certificate signing request (i.e. something that you would provide to your CA in order to get back a certificate), and this is why you were getting the error above.
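The distinction drawn in the reply above, as an added example that is not part of the original thread or of Kibana's code: a Node.js pre-flight check that reads the PEM header label of each file a kibana.yml TLS setting points to and reports a CSR or a non-PEM binary file before the server starts. The function names, the label table and the sample inputs are assumptions constructed for illustration, and the example goes slightly beyond the thread by also covering binary (DER) input.

```javascript
// Added example: classify TLS files referenced from kibana.yml by PEM label.
// Only the header label is inspected; the base64 body is not validated.
const PEM_LABEL = /-----BEGIN ([A-Z0-9 ]+)-----/g;
const KEY_LABELS = ['PRIVATE KEY', 'RSA PRIVATE KEY', 'EC PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'];

// PEM labels acceptable for each setting that appears in the thread's kibana.yml.
const EXPECTED = {
  'server.ssl.certificate': ['CERTIFICATE'],
  'server.ssl.key': KEY_LABELS,
  'elasticsearch.ssl.certificateAuthorities': ['CERTIFICATE'],
};

function pemLabels(buf) {
  const text = Buffer.from(buf).toString('latin1');
  return [...text.matchAll(PEM_LABEL)].map((m) => m[1]);
}

function checkSetting(setting, buf) {
  const data = Buffer.from(buf);
  const labels = pemLabels(data);
  if (labels.length === 0) {
    // DER-encoded files (PKCS#12 included) begin with an ASN.1 SEQUENCE tag, 0x30.
    const der = data.length > 0 && data[0] === 0x30;
    return { ok: false, reason: der ? 'binary DER (e.g. PKCS#12), not PEM' : 'no PEM start line' };
  }
  const bad = labels.filter((l) => !(EXPECTED[setting] || []).includes(l));
  if (bad.some((l) => l.endsWith('CERTIFICATE REQUEST'))) {
    return { ok: false, reason: 'CSR, not a signed certificate' };
  }
  if (bad.length > 0) return { ok: false, reason: `unexpected PEM block: ${bad[0]}` };
  return { ok: true, reason: labels.join(', ') };
}

// Constructed sample inputs: the bodies are placeholders, not real key material.
const pem = (label) => Buffer.from(`-----BEGIN ${label}-----\nY29uc3RydWN0ZWQ=\n-----END ${label}-----\n`);
const SAMPLES = {
  csr: pem('CERTIFICATE REQUEST'),
  cert: pem('CERTIFICATE'),
  key: pem('RSA PRIVATE KEY'),
  p12: Buffer.from([0x30, 0x82, 0x0a, 0x01, 0x02, 0x01, 0x03]),
};

for (const [setting, sample] of [
  ['server.ssl.certificate', SAMPLES.csr],
  ['server.ssl.certificate', SAMPLES.cert],
  ['server.ssl.key', SAMPLES.key],
  ['elasticsearch.ssl.certificateAuthorities', SAMPLES.p12],
]) {
  console.log(setting, JSON.stringify(checkSetting(setting, sample)));
}
```

To check real files, pass `fs.readFileSync(path)` for each path in kibana.yml instead of the constructed samples.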

I did not notice that little detail. Thank you
