Logstash SSL configuration invalid SecretKeyFactory not available

Hi folks,

I am facing the following error and I am out of options to fix it:

[2021-08-10T14:43:44,743][ERROR][logstash.inputs.beats    ][test_pipeline] SSL configuration invalid {:exception=>Java::JavaLang::IllegalArgumentException, :message=>"File does not contain valid private key: /path/to/server.pkcs8.key", :cause=>{:exception=>Java::JavaSecurity::NoSuchAlgorithmException, :message=>"1.2.840.113549.1.5.13 SecretKeyFactory not available"}}
[2021-08-10T14:43:44,938][ERROR][logstash.javapipeline    ][test_pipeline] Pipeline error {:pipeline_id=>"test_pipeline", :exception=>#<LogStash::ConfigurationError: File does not contain valid private key: /path/to/server.pkcs8.key>, :backtrace=>[some backtrace]}

My pipeline input config:

input {
  beats {
    port => 6150
    ssl => true
    ssl_certificate_authorities => ["path/to/ca.crt"]
    ssl_certificate => "path/to/server.crt"
    ssl_key => "path/to/server.pkcs8.key"
    ssl_key_passphrase => passphrase
    ssl_verify_mode => "force_peer"
  }
}

I am looking forward to any hint.

Thanks

1.2.840.113549.1.5.13 is PBES2.

There were issues around this in Java 8, and this is an interesting tale of woe. I suspect you will have to do similar asn1parse calls to figure out what is actually in your key file.

If the key file is valid then changing security providers might fix it.

OK, thanks for the hint. Before jumping into debugging the private key, I tried to recreate the PKCS#8 private key for the beats input plugin using this:

Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES):

 openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES

After converting the key using this 3DES algorithm, my pipeline started successfully.
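
The check suggested above (finding out which encryption scheme is actually inside the key file) can also be scripted. This is an added example, not code from the thread or from Logstash: it reads the scheme OID out of an encrypted PKCS#8 PEM file, so a PBES2 key (the OID in the error) can be told apart from one written with `-v1 PBE-SHA1-3DES`. The function names and the sample keys are constructed for illustration; the samples carry a real OID but dummy parameters and ciphertext.

```python
import base64, re

PBE_SCHEMES = {"1.2.840.113549.1.5.13": "PBES2",  # rejected by the JVM in this thread
               "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC"}  # loaded

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pkcs8_encryption_scheme(pem_text):
    """Return (oid, name) of the scheme protecting an encrypted PKCS#8 PEM key."""
    m = re.search(r"-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END", pem_text, re.S)
    if not m:
        raise ValueError("no ENCRYPTED PRIVATE KEY block found")
    der = base64.b64decode(m.group(1))
    t1, pos, _ = read_tlv(der, 0)      # EncryptedPrivateKeyInfo SEQUENCE
    t2, pos, _ = read_tlv(der, pos)    # encryptionAlgorithm SEQUENCE
    t3, pos, end = read_tlv(der, pos)  # algorithm OBJECT IDENTIFIER
    if (t1, t2, t3) != (0x30, 0x30, 0x06):
        raise ValueError("unexpected ASN.1 structure")
    oid = decode_oid(der[pos:end])
    return oid, PBE_SCHEMES.get(oid, "unknown scheme")

def sample_pem(oid_hex):
    """Constructed sample: real scheme OID, NULL parameters, dummy ciphertext."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    b64 = base64.b64encode(tlv(0x30, alg + tlv(0x04, bytes(16)))).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{b64}\n-----END ENCRYPTED PRIVATE KEY-----\n"

if __name__ == "__main__":
    for h in ("2a864886f70d01050d", "2a864886f70d010c0103"):  # constructed samples
        print(*pkcs8_encryption_scheme(sample_pem(h)), sep=" -> ")
```

To check a real key, pass the file's text to `pkcs8_encryption_scheme()`; only the algorithm identifier is read, so no passphrase is needed.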
