TLS/SSL Encryption and Cert Issues FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line


(Ryan Downey) #1

I have Elasticsearch on one server named 789 and Kibana on another named 1260. I've currently made it up to the point where x-pack is enabled, settings "seem" ok; that is nothing stops communicating when its enabled and I can access the Kibana API. The problem I'm encountering is when I enable, keystore.path and truststore.path. Once I uncomment those settings I get the, FATAL Error: error:0906D06C:PEM routines:PEM_read_bio:no start line, issue and I can not figure out how to get past this error. I've been reading other discussions that had this error I just can't seem to resolve it in any way. Below are my elasticsearch and kibana yml settings. URL's and Names are edited down.


bootstrap.memory_lock: false elasticsearch_lab1
http.port: 9200 10.XXX.XX.XXX true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1 789 C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: basic true true certificate C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12 C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12 true C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12 C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12


server.port: 5601 "1260" "1260"
elasticsearch.url: "https://789"
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "Pleasework18" "please_work_for_me_every_time123"
xpack.reporting.encryptionKey: "Pleasework18"
server.ssl.enabled: true
server.ssl.certificate: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
server.ssl.key: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
elasticsearch.ssl.verificationMode: certificate
logging.dest: stdout

Primary error seems to be: FATAL { Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

Heres the full error output:

(Ryan Downey) #2

After multiple attempts what seems to have worked is switching over to PEM as we are on Windows Server 2016. Makes sense to a certain extent and worth a try if you're having the same issue.

(Tim Vernum) #3

Kibana cannot read PKCS#12 certificates.

(system) closed #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.