TCP over SSL error message

I'm attempting to receive syslog events that are being sent over SSL/TLS. I'm using the post at https://groups.google.com/forum/#!topic/logstash-users/PcR0it4wiK0 as an example.

input{
    tcp{
        port => 7007
        ssl_enable => true
        ssl_cacert => "/tmp/ca.crt"
        ssl_cert => "/tmp/mycert.crt"
        ssl_key => "/tmp/mykey.pem"
        ssl_key_passphrase => "secret"
    }
}
filter{
    grok...
}
output{
    stdout{codec=>rubydebug}
}

Configtest comes back OK but when I run I get this error:

Could not initialize SSL context {:exception=>#<OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:> :backtrace=>["org/jruby/ext/openssl/PKeyRSA.java:277:in 'initialize'", etc.

Anyone know what I'm doing wrong?

Craig

bump bump

Are you sure the ssl_key => "/tmp/mykey.pem" only contains your SSL key?

Hi Nick, thanks for responding. I'm kind of new at this certificate business but I did have help from a local guru who's set up multiple java systems. There were a series of events leading up to the .pem file:

  1. using java keytool, created a .jks
  2. using java keytool, imported certificate authorities into .jks
  3. using java keytool, created and submitted a certificate request .csr
  4. received certificate .cer and imported it using java keytool into .jks
  5. using java keytool, exported .jks to .p12
  6. using openssl, I exported .p12 to .pem. So the .pem includes my server's private key and certificates for my server and CAs.
  7. using notepad, I copied private key text from .pem to mykey.key.
  8. using notepad, I copied certificate text to mycert.crt

I tried setting in the tcp input configuration's "ssl_key" option both the .pem with its multiple components and the mykey.key. On a whim I tried renaming mykey.key to mykey.pem and tried it. In all cases I received the error "Neither PUB key nor PRIV key" on logstash startup.
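Added example (not part of the thread and not Logstash's own code): a Ruby check for the question asked above, whether the file given to ssl_key holds only a private key. It lists the PEM blocks in the file, flags anything else in it, and attempts the load through OpenSSL::PKey::RSA, the class named in the backtrace. The sample text, the function names and the KEY_PASSPHRASE environment variable are constructed for illustration.

```ruby
require 'openssl'

BOM = "\xEF\xBB\xBF".b
PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----/m

# Constructed sample shaped like an `openssl pkcs12` export: attribute text,
# an encrypted key and a certificate in one file (base64 bodies are placeholders).
SAMPLE_P12_EXPORT = <<~PEM
  Bag Attributes
      friendlyName: myserver
  Key Attributes: <No Attributes>
  -----BEGIN ENCRYPTED PRIVATE KEY-----
  QUJD
  -----END ENCRYPTED PRIVATE KEY-----
  Bag Attributes
      friendlyName: myserver
  -----BEGIN CERTIFICATE-----
  QUJD
  -----END CERTIFICATE-----
PEM

# Report the structure of a candidate ssl_key file without echoing key material.
def describe_key_file(bytes)
  raw = bytes.b
  blocks = raw.scan(PEM_BLOCK)
  labels = blocks.map(&:first)
  outside = raw.gsub(PEM_BLOCK, '').delete_prefix(BOM).strip
  problems = []
  problems << :utf8_bom if raw.start_with?(BOM) # some editors prepend this
  problems << :utf16_text if raw.start_with?("\xFF\xFE".b, "\xFE\xFF".b)
  problems << :no_private_key_block if labels.none? { |l| l.end_with?('PRIVATE KEY') }
  problems << :extra_pem_blocks if labels.size > 1
  problems << :text_outside_pem_blocks unless outside.empty?
  encrypted = blocks.any? do |label, body|
    label.start_with?('ENCRYPTED') || body.include?('Proc-Type: 4,ENCRYPTED')
  end
  { labels: labels, encrypted: encrypted, problems: problems }
end

# Try the load through OpenSSL::PKey::RSA, the class named in the backtrace.
# passphrase.to_s keeps OpenSSL from prompting on the terminal when it is nil.
def loads_as_rsa_key?(bytes, passphrase)
  OpenSSL::PKey::RSA.new(bytes, passphrase.to_s).private?
rescue OpenSSL::OpenSSLError
  false
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  data = File.binread(ARGV[0])
  p describe_key_file(data)
  puts "loads as RSA private key: #{loads_as_rsa_key?(data, ENV['KEY_PASSPHRASE'])}"
end
```

Run it with the key file path as the only argument and the passphrase in KEY_PASSPHRASE, so the passphrase stays out of the command line and shell history.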

I do not see this referenced in your example above.

In the example above I listed mykey.pem because that's what was used on https://groups.google.com/forum/#!topic/logstash-users/PcR0it4wiK0. It gave me the "Neither PUB key nor PRIV key" so I started trying other things, one of which was the private encrypted key from the pem file saved as mykey.key. It gave me the same error.

Any ideas @ndrost ?

bump bump