TLS/SSL Encryption and Cert Issues FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line

Ryan_Downey · November 13, 2018, 8:00pm

I have Elasticsearch on one server named 789 and Kibana on another named 1260. I've currently made it up to the point where x-pack is enabled, xpack.security.transport.ssl settings "seem" ok; that is nothing stops communicating when its enabled and I can access the Kibana API. The problem I'm encountering is when I enable xpack.security.http.ssl, keystore.path and truststore.path. Once I uncomment those settings I get the, FATAL Error: error:0906D06C:PEM routines:PEM_read_bio:no start line, issue and I can not figure out how to get past this error. I've been reading other discussions that had this error I just can't seem to resolve it in any way. Below are my elasticsearch and kibana yml settings. URL's and Names are edited down.

Elasticsearch.yml

bootstrap.memory_lock: false
cluster.name: elasticsearch_lab1
http.port: 9200
network.host: 10.XXX.XX.XXX
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: 789
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
#xpack.security.http.ssl.enabled: true
#xpack.security.http.ssl.keystore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
#xpack.security.http.ssl.truststore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12

kibana.yml

server.port: 5601
server.host: "1260"
server.name: "1260"
elasticsearch.url: "https://789"
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "Pleasework18"
xpack.security.encryptionKey: "please_work_for_me_every_time123"
xpack.reporting.encryptionKey: "Pleasework18"
server.ssl.enabled: true
server.ssl.certificate: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
server.ssl.key: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
elasticsearch.ssl.verificationMode: certificate
logging.dest: stdout

Primary error seems to be: FATAL { Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

Heres the full error output:

gist.github.com

https://gist.github.com/Ryan-M-Downey/0c0055ed76062fab7302935cf675935e#file-gistfile1-txt

gistfile1.txt

C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\bin>kibana.bat
  log   [19:32:15.764] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\node_modules\x-pack
  ops   [19:32:15.808]  memory: 129.1MB uptime: 0:00:20 load: [0.00 0.00 0.00] delay: 20.042
  log   [19:32:15.836] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\apm_oss
  log   [19:32:15.888] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\console
  log   [19:32:15.928] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\elasticsearch
  log   [19:32:15.934] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\input_control_vis
  log   [19:32:15.938] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\inspector_views
  log   [19:32:15.944] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\kbn_doc_views
  log   [19:32:16.195] [debug][plugin] Found plugin at C:\Program Files\Elastic\kibana-6.4.3-windows-x86_64\src\core_plugins\kibana

This file has been truncated. show original

Ryan_Downey · November 13, 2018, 9:05pm

After multiple attempts what seems to have worked is switching over to PEM as we are on Windows Server 2016. Makes sense to a certain extent and worth a try if you're having the same issue.

TimV · November 14, 2018, 12:49am

Kibana cannot read PKCS#12 certificates.

system · December 12, 2018, 12:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.