es/kibana: 624
I cannot apply my license, as I am having cert/key problems at the same time. This was originally a demo installation, and I need to put in place my actual cert and key for the host that I have purchased. My error is below. Here is openssl demonstrating that the cert and keys are fine:
openssl rsa -in /etc/elasticsearch/MYKEYHERE.key -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
and my cert:
openssl x509 -in /etc/elasticsearch/MYCERTHERE.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1520776778 (0x5aa5364a)
Signature Algorithm: sha256WithRSAEncryption
and my sgadmin command I am trying to run:
/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key ‘/etc/elasticsearch/MYKEYHERE.key’ -cert ‘/etc/elasticsearch/MYCERTHERE.crt’ -cacert ‘/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem’ -nhnv
I am trying to follow these directions:
Please advise as to why I cannot update my certificates and update my license from the demo license (which I THINK should be what is happening with my sgadmin command).
Thanks!
···
Search Guard Admin v6
Will connect to localhost:9300 … done
08:47:23.270 [main] ERROR com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore - Your keystore or PEM does not contain a key. If you specified a key password, try removing it. If you did not specify a key password, perhaps you need to if the key is in fact password-protected. Maybe you just confused keys and certificates.
ERR: An unexpected IllegalStateException occured: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
Trace:
java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563)
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:104)
at org.elasticsearch.client.transport.TransportClient.newPluginService(TransportClient.java:105)
at org.elasticsearch.client.transport.TransportClient.buildTemplate(TransportClient.java:130)
at org.elasticsearch.client.transport.TransportClient.(TransportClient.java:262)
at com.floragunn.searchguard.tools.SearchGuardAdmin$TransportClientImpl.(SearchGuardAdmin.java:871)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:435)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:123)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554)
… 7 more
Caused by: ElasticsearchSecurityException[Error while initializing transport SSL layer from PEM: java.lang.IllegalArgumentException: File does not contain valid private key: /etc/elasticsearch/MYKEYHERE.key]; nested: IllegalArgumentException[File does not contain valid private key: /etc/elasticsearch/MYKEYHERE.key]; nested: InvalidKeySpecException[Neither RSA, DSA nor EC worked]; nested: InvalidKeySpecException[java.security.InvalidKeyException: IOException : algid parse error, not a sequence]; nested: InvalidKeyException[IOException : algid parse error, not a sequence];
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:292)
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:145)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.(SearchGuardSSLPlugin.java:193)
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:183)
… 12 more
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /etc/elasticsearch/MYKEYHERE.key
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:90)
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.buildSSLServerContext(DefaultSearchGuardKeyStore.java:613)
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:287)
… 15 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1045)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
… 18 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1043)
… 20 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:352)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:357)
at sun.security.ec.ECPrivateKeyImpl.(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
… 22 more
When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version
-
Installed and used enterprise modules, if any
-
JVM version and operating system version
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any