Settings SSL/TLS setup with PKCS8 keys

souf_el_badraoui · April 10, 2018, 1:56pm

Hi, I'm trying to set up SSL/TLS with x-pack and running into this on all nodes
Caused by: java.lang.IllegalArgumentException: parsed an unsupported object [PKCS8EncryptedPrivateKeyInfo]
My configuration elasticsearch.yml

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/cert/elastic.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/cert/elastic.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/cert/vaca.crt"]

Can you help me please !

ikakavas · April 10, 2018, 2:27pm

Hello,

Your elastic.key is encrypted and encoded with PKCS#8. Unfortunately, we do not currently support PKCS#8 encoded encrypted (password protected) private keys. We support

unencrypted PKCS#8 encoded private keys
unencrypted PKCS#1 encoded (also known as OpenSSL format) keys
encrypted(password protected) PKCS#1 encoded (also known as OpenSSL format) keys
PKCS#12 keystores (possible password protected) that contain private keys and certificates

A workaround for now would be to convert your key to PKCS#1

openssl rsa -des3 -in elastic.key -out elastic-pkcs1.key

and follow the prompts from entering the password to protect the key. You can change the algorithm used for encrypting the key (-des3 as in triple DES) to -aes128 , -aes192 or -aes256 if you prefer.

system · May 8, 2018, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.