TLS/SSL Encryption and Cert Issues FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line

security

(Ryan Downey) #1

I have Elasticsearch on one server named 789 and Kibana on another named 1260. I've currently made it up to the point where x-pack is enabled and the xpack.security.transport.ssl settings "seem" ok; that is, nothing stops communicating when it's enabled and I can access the Kibana API. The problem I'm encountering is when I enable xpack.security.http.ssl, keystore.path and truststore.path. Once I uncomment those settings I get the "FATAL Error: error:0906D06C:PEM routines:PEM_read_bio:no start line" issue, and I cannot figure out how to get past this error. I've been reading other discussions that had this error, but I just can't seem to resolve it in any way. Below are my elasticsearch and kibana yml settings. URLs and names are edited down.

Elasticsearch.yml

bootstrap.memory_lock: false
cluster.name: elasticsearch_lab1
http.port: 9200
network.host: 10.XXX.XX.XXX
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: 789
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
#xpack.security.http.ssl.enabled: true
#xpack.security.http.ssl.keystore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
#xpack.security.http.ssl.truststore.path: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12

kibana.yml

server.port: 5601
server.host: "1260"
server.name: "1260"
elasticsearch.url: "https://789"
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "Pleasework18"
xpack.security.encryptionKey: "please_work_for_me_every_time123"
xpack.reporting.encryptionKey: "Pleasework18"
server.ssl.enabled: true
server.ssl.certificate: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
server.ssl.key: C:\ProgramData\Elastic\Elasticsearch\config\certs\elastic-certificates.p12
elasticsearch.ssl.verificationMode: certificate
logging.dest: stdout

Primary error seems to be: FATAL { Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

Here's the full error output:


(Ryan Downey) #2

After multiple attempts what seems to have worked is switching over to PEM as we are on Windows Server 2016. Makes sense to a certain extent and worth a try if you're having the same issue.


(Tim Vernum) #3

Kibana cannot read PKCS#12 certificates.
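
The kibana.yml in post #1 points server.ssl.certificate and server.ssl.key at a .p12 file, which is binary and has no `-----BEGIN ...-----` line for a PEM parser to find. The pre-flight check below is an added example, not code from this thread or from Kibana; the function names and the sample byte strings are constructed for illustration.

```javascript
// Added example: classify the bytes of a file referenced by Kibana's
// server.ssl.certificate / server.ssl.key before starting Kibana.
// Function names and sample inputs are hypothetical / constructed.

// One PEM block: matching BEGIN/END labels around any body (headers allowed).
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n[\s\S]+?-----END \1-----/g;

// Returns { format, labels } for the raw bytes of a certificate or key file.
function inspectKeyMaterial(buf) {
  const text = buf.toString('latin1'); // byte-preserving decode
  const labels = [...text.matchAll(PEM_BLOCK)].map((m) => m[1]);
  if (labels.length > 0) return { format: 'pem', labels };
  // DER and PKCS#12 are binary ASN.1 and start with a SEQUENCE tag (0x30).
  if (buf.length > 0 && buf[0] === 0x30) return { format: 'binary-asn1', labels: [] };
  return { format: 'unknown', labels: [] };
}

// role is 'certificate' or 'key'. Returns null when the file looks usable,
// otherwise a message describing the problem.
function checkKibanaTlsFile(role, buf) {
  const { format, labels } = inspectKeyMaterial(buf);
  if (format === 'binary-asn1') {
    return `${role}: binary ASN.1 (DER or PKCS#12), not PEM; a PEM parser finds no start line`;
  }
  if (format !== 'pem') return `${role}: no PEM block found`;
  const wanted = role === 'certificate'
    ? (label) => label === 'CERTIFICATE'
    : (label) => label.endsWith('PRIVATE KEY'); // RSA/EC/ENCRYPTED/PKCS#8
  return labels.some(wanted) ? null : `${role}: PEM file holds ${labels.join(', ')} only`;
}

// Constructed sample inputs (not real key material).
const SAMPLE_PEM = Buffer.from(
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQgU0FNUExF\n-----END CERTIFICATE-----\n'
);
// First bytes of a PKCS#12 container: SEQUENCE, long-form length, version 3.
const SAMPLE_P12 = Buffer.from([0x30, 0x82, 0x0a, 0x01, 0x02, 0x01, 0x03]);

console.log(checkKibanaTlsFile('certificate', SAMPLE_P12));
console.log(checkKibanaTlsFile('certificate', SAMPLE_PEM));
console.log(checkKibanaTlsFile('key', SAMPLE_PEM));
```

In practice the buffer would come from reading the path configured in kibana.yml; a `null` result only means the file is PEM with the expected block type, not that the certificate and key match.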