How to configure Metricbeat to connect to Elasticsearch with SSL

I am trying to configure Metricbeat to connect over SSL, but when I start Metricbeat I get this error:

2018-11-28T17:43:31.512Z INFO instance/beat.go:286 Setup Beat: metricbeat; Version: 6.4.3

2018-11-28T17:43:31.514Z ERROR tlscommon/tls.go:63 Failed loading client certificate%!(EXTRA *errors.errorString=tls: failed to parse private key)

2018-11-28T17:43:31.514Z INFO instance/beat.go:340 metricbeat stopped.

2018-11-28T17:43:31.538Z ERROR instance/beat.go:764 Exiting: error initializing publisher: 1 error: tls: failed to parse private key

config:

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["hostname:9200"]

  # Optional protocol and basic auth credentials.
  protocol: "https"
  #username: "admin"
  #password: "admin"

  #ssl.verification_mode: none
  ssl.certificate_authorities: ["/etc/metricbeat/root-ca.pem"]
  ssl.certificate: "/etc/metricbeat/dev-test.pem"
  ssl.key: "/etc/metricbeat/dev-test.key"
  ssl.key_passphrase: 'xxxxxx'

When I try to use user-password, everything works fine.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

Search Guard and elasticsearch 6.4.3

  • Installed and used enterprise modules, if any

No

  • JVM version and operating system version

OpenJDK 1.8.0_191, OS CentOS 7.5

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Seems like metricbeat (which is implemented in golang) does not like your /etc/metricbeat/dev-test.key keyfile.

Make sure the password given with “ssl.key_passphrase” is correct.

How did you generate this? With OpenSSL? Then pls look here: Filebeat private key parse error - #5 by itspecialistsimon - Beats - Discuss the Elastic Stack

So it seems the private key is not in PKCS8 format. Maybe this helps:

As this is not a directly Search Guard related issue you may want to ask your question also here: https://discuss.elastic.co/
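An added example, not part of the thread or of the Beats code: a Go sketch that reports which container a PEM private key uses, whether it is encrypted, and whether the three parsers Go's crypto/tls tries on a key accept it as-is, which is the step that ends in "tls: failed to parse private key". The names inspectKey, pemFormats and sampleKeys and all sample keys are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

var pemFormats = map[string]string{"RSA PRIVATE KEY": "PKCS#1", "EC PRIVATE KEY": "SEC1",
	"PRIVATE KEY": "PKCS#8", "ENCRYPTED PRIVATE KEY": "PKCS#8"}

// inspectKey (hypothetical helper) reports the container, whether the key is
// encrypted, and whether the three parsers crypto/tls tries accept it as-is.
func inspectKey(p []byte) (format string, encrypted, parses bool) {
	b, _ := pem.Decode(p)
	if b == nil {
		return "not PEM", false, false
	}
	if format = pemFormats[b.Type]; format == "" {
		format = "unknown"
	}
	// PKCS#8 encryption shows in the block type, OpenSSL legacy encryption in a header.
	encrypted = b.Type == "ENCRYPTED PRIVATE KEY" || b.Headers["Proc-Type"] == "4,ENCRYPTED"
	_, e1 := x509.ParsePKCS1PrivateKey(b.Bytes)
	_, e2 := x509.ParsePKCS8PrivateKey(b.Bytes)
	_, e3 := x509.ParseECPrivateKey(b.Bytes)
	return format, encrypted, e1 == nil || e2 == nil || e3 == nil
}

// sampleKeys builds constructed keys (placeholder body for pkcs8-enc; deprecated EncryptPEMBlock only for legacy-enc).
func sampleKeys() map[string][]byte {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sec1, _ := x509.MarshalECPrivateKey(k)
	p8, _ := x509.MarshalPKCS8PrivateKey(k)
	leg, _ := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", sec1, []byte("constructed"), x509.PEMCipherAES256)
	enc := func(t string, d []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: d}) }
	return map[string][]byte{"sec1": enc("EC PRIVATE KEY", sec1), "pkcs8": enc("PRIVATE KEY", p8),
		"legacy-enc": pem.EncodeToMemory(leg),
		"pkcs8-enc":  enc("ENCRYPTED PRIVATE KEY", []byte("constructed placeholder"))}
}

func main() {
	for name, p := range sampleKeys() {
		f, e, ok := inspectKey(p)
		fmt.Printf("%-10s format=%s encrypted=%v parses=%v\n", name, f, e, ok)
	}
}
```

Both encrypted samples report parses=false: the parsers only accept decrypted DER, and Go's standard library has no decryption routine for ENCRYPTED PRIVATE KEY blocks.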

On Wednesday, 28 November 2018 18:49:28 UTC+1, Konstantin Fetisov wrote:
