- Elasticsearch version - 6.5.1
kibana version 6.5.1
SearchGuard plugin 6.5.1
OS: centos 7
TLS offline to generate certificate.
JVM - Java 1.8.0
Hello all,
I have installed elasticsearch, kibana and searchguard. All version 6.5.1
And all are working fine till I wanna connect kibana to elasticsearch
But the program keep exiting and is due to this error.
waiting for elasticsearch_tls_common.js:104
c.context.setkey(options.key,options.passhrase)
error:06065064: digital envelope routines: EVP_DecryptFinal_ex: bad_decrypt:
Does anyone know if there is any missing configuration from the file.
Kindly help.
Urgent.
sg_config.yml is default from the demo version
elasticsearch.ymlelasticsearch.yml (3.8 KB)
kibana.yml (5.4 KB)
From the error message I’d say that the key you configured here:
elasticsearch.ssl.key: AdminNode.key
is actually password protected, is this correct?
If so you probably also need to set:
elasticsearch.ssl.keyPassphrase
For debugging purposes, can you just comment these two lines in your kibana.yml and see if it makes a difference?
elasticsearch.ssl.certificate: AdminNode.pem
elasticsearch.ssl.key: AdminNode.key
Also, if you set the verification mode to none:
elasticsearch.ssl.verificationMode: none
You actually do not need to specify the root CA:
elasticsearch.ssl.certificateAuthorities: ["root-ca.pem" ]
1 Like
Hi jkressin,
Thanks for the reply.
By commenting out both the pem and .key, I able to connect es with kibana with search guard.
But may I know whats the actual reason behind commenting this two lines.
system
Closed
5
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.