Logstash Http Input Plugin - Encrypted Private Key File is not Valid

Hi, I am trying to use an encrypted private key for a Logstash HTTP Input where both the private key and certificate are stored locally on the server. However, if I encrypt the private key and configure the ssl_key_passphrase, Logstash will not able to read the encrypted private key:

Pipeline error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException: File does not contain valid private key: C:\ELK\logstash-7.10.0\config\Certificates\ca-pkcs8-crypt.key ...

Here is how I created the certificate and private key using Openssl 1.1.1
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -out c:\ca.crt
openssl pkcs8 -in ca.key -topk8 -passout pass:somepassword -out ca-pkcs8-crypt.key
openssl pkcs8 -in ca-pkcs8.key -topk8 -passout pass:somepassword -out ca-pkcs8-crypt.key
Here is what the Logstash configuration file looks like

input {
  http { 
    port => 9601 # default: 8080
    ssl => true
    ssl_certificate => "C:\ELK\logstash-7.10.0\config\Certificates\ca.crt"
    ssl_key => "C:\ELK\logstash-7.10.0\config\Certificates\ca-pkcs8-crypt.key"
    ssl_key_passphrase => "somepassword"
  }
}

If I don't encrypt the private key, HTTPS call will work. Why wouldn't my encrypted private key work, please advise.

Summary

This text will be hidden

As a reference, here is the full stack of the Logstash exception

[2021-05-18T12:36:38,560][ERROR][logstash.javapipeline    ][main] 
Pipeline error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException: File does not contain valid private key: 
C:\ELK\logstash-7.10.0\config\Certificates\ca-pkcs8-crypt.key, 
:backtrace=>["io.netty.handler.ssl.SslContextBuilder.keyManager(io/netty/handler/ssl/SslContextBuilder.java:350)", 
"io.netty.handler.ssl.SslContextBuilder.forServer(io/netty/handler/ssl/SslContextBuilder.java:107)", 
"org.logstash.plugins.inputs.http.util.SslSimpleBuilder.build(org/logstash/plugins/inputs/http/util/SslSimpleBuilder.java:89)", 
"jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)", 
"jdk.internal.reflect.NativeMethodAccessorImpl.invoke(jdk/internal/reflect/NativeMethodAccessorImpl.java:62)", 
"jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(jdk/internal/reflect/DelegatingMethodAccessorImpl.java:43)", 
"java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:566)", 
"org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:426)", 
"org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:293)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.build_ssl_params(C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb:237)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.RUBY$method$build_ssl_params$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java/lib/logstash/inputs/C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.create_http_server(C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb:214)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.RUBY$method$create_http_server$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java/lib/logstash/inputs/C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.register(C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb:146)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java.lib.logstash.inputs.http.RUBY$method$register$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_http_minus_3_dot_3_dot_5_minus_java/lib/logstash/inputs/C:/ELK/logstash-7.10.0/vendor/bundle/jruby/2.5.0/gems/logstash-input-http-3.3.5-java/lib/logstash/inputs/http.rb)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.register_plugins(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:228)", 
"org.jruby.RubyArray.each(org/jruby/RubyArray.java:1809)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.register_plugins(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:227)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$register_plugins$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/logstash_minus_core/lib/logstash/C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.start_inputs(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:386)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$start_inputs$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/logstash_minus_core/lib/logstash/C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb)", 
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.start_workers(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:311)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$start_workers$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/logstash_minus_core/lib/logstash/C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.run(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:185)", "C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$run$0$__VARARGS__(C_3a_/ELK/logstash_minus_7_dot_10_dot_0/logstash_minus_core/lib/logstash/C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb)",
"C_3a_.ELK.logstash_minus_7_dot_10_dot_0.logstash_minus_core.lib.logstash.java_pipeline.start(C:/ELK/logstash-7.10.0/logstash-core/lib/logstash/java_pipeline.rb:137)",
"org.jruby.RubyProc.call(org/jruby/RubyProc.java:318)",
"java.lang.Thread.run(java/lang/Thread.java:834)"],
"pipeline.sources"=>["C:/ELK/logstash-7.10.0/config/settings.conf"], 
:thread=>"#<Thread:0x52fc7afe run>"}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.