Sgadmin fails with "File does not contain valid private key"

manjupiyumal · May 10, 2019, 12:35am

Hi,

I’m setting up my ELK stack with searchguard plugin. I have generated my keys using following command

keytool -genkeypair -keyalg RSA -keystore elk_keystore.p12 -storetype PKCS12 -storepass -sigalg SHA256withRSA -keysize 4096 -alias elkserver -keypass -validity 1825 -dname “O=<org_name>, L=, ST=, C=<country_code>, CN=<my_cn_name>”

I was able to start elasticsearch with the above keys and certificates, however when I’m trying to run the sgadmin command using the above keys, I’m getting following error.
java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
…
Caused by: ElasticsearchSecurityException[Error while initializing transport SSL layer from PEM: java.lang.IllegalArgumentException: File does not contain valid private key: …

Please see below my elasticsearch.yml

searchguard.ssl.transport.pemcert_filepath: elasticserver.cer
searchguard.ssl.transport.pemkey_filepath: elasticserver.key
searchguard.ssl.transport.pemtrustedcas_filepath: intermediate-root-integrated.cer
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.http.enabled: true

searchguard.ssl.http.pemcert_filepath: elasticserver.cer
searchguard.ssl.http.pemkey_filepath: elasticserver.key
searchguard.ssl.http.pemtrustedcas_filepath: intermediate-root-integrated.cer
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - 'CN=$$my_cn$$, O=$$my_org$$, C=$$country_code$$, L=$$country$$, ST=$$country$$'
searchguard.nodes_dn:
  - 'CN=$$my_cn$$, O=$$my_org$$, C=$$country_code$$, L=$$country$$, ST=$$country$$'

searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.security.enabled: false

I have used same certificates as both admin and node certificates. This is the sgadmin command I have used,

./sgadmin.sh -h -p 9300 -cn elasticsearch -cd …/sgconfig/ -nhnv -cacert <path_to_intermediate-root-integrated.cer> -cert <path_to_elasticserver.cer> -key <path_to_elasticserver.key> -keypass

Kindly help to find out what is the problem here.

Thanks in advance.

cstaley · May 11, 2019, 8:40pm

Is your elasticserver.key file encrypted (with a password)?

manjupiyumal · May 14, 2019, 2:45pm

Yes it’s. I have provided the password to sgadmin with keypass parameter

cstaley · June 4, 2019, 1:52pm

You did not specifiy a password in elasticsearch.yml . Try to set searchguard.ssl.transport.pemkey_password and searchguard.ssl.http.pemkey_password

system · June 25, 2019, 1:52pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search Guard certificate error Search Guard	1	1191	February 1, 2018
File does not contain valid private key: /etc/elasticsearch/node1.key Search Guard	8	11561	August 31, 2018
sgadmin fails please solve this issue Search Guard	2	427	November 1, 2017
TLS certificate error in searchgurad. File does not contain valid private key Error Search Guard	5	1251	July 31, 2018
"failed to load plugin class" When using Sgadmin Search Guard	5	2152	February 3, 2019

Sgadmin fails with "File does not contain valid private key"

Related Topics