I was using elasticsearch and kibana using xpack before. There I generated the certificates and root ca using the certutil tool, which elastichsearch provides. i have created certificates in .crt and .key suffix
Now I am trying to setup searchguard. It looks like I cannot simply reuse the existing certificates am I right? In the logs I have following errors:
[2020-06-03T12:49:49,888][ERROR][c.f.s.s.DefaultSearchGuardKeyStore] [elastic01] Your keystore or PEM does not contain a key. If you specified a key password, try removing it. If you did not specify a key password, perhaps you need to if the key is in fact password-protected. Maybe you just confused keys and certificates.
Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer from PEM: java.lang.IllegalArgumentException: File does not contain valid private key: /home/usesr/bin/elasticsearch/config/certs/elastic01/elastic01.key
Caused by: java.security.KeyException: could not find a PKCS #8 private key in input stream
Do I need to recreate all the certificates for my nodes or can I just format them to anything so searchguard can read them?
I tried to convert they private key to pkcs8 format but stll receive following error that the does not contain a valid private key
This is my elastic config.
searchguard.ssl.transport.pemcert_filepath: certs/elastic01/elastic01.crt searchguard.ssl.transport.pemkey_filepath: certs/elastic01/elastic01.key searchguard.ssl.transport.pemkey_password: changeme searchguard.ssl.transport.pemtrustedcas_filepath: certs/ca.crt searchguard.ssl.transport.enforce_hostname_verification: true searchguard.authcz.admin_dn: - CN=kirk,OU=client,O=client,L=test, C=de searchguard.ssl.http.enabled: true searchguard.ssl.http.pemcert_filepath: certs/elastic01/elastic01.crt searchguard.ssl.http.pemkey_filepath: certs/elastic01/elastic01.key searchguard.ssl.http.pemkey_password: changeme searchguard.ssl.http.pemtrustedcas_filepath: certs/ca.crt