Install shield on kibana gives PEM error

Question

I'm using sebp/elk docker for ES/Kibana/Logstash and everything usually works like a charm.

Now I want to try installing shield on all components and everything's ok except kibana.

root@2f6452f2e11e:/opt/kibana# bin/kibana plugin --install kibana/shield/latest
Installing shield
Attempting to transfer from https://download.elastic.co/kibana/shield/shield-latest.tar.gz
Transferring 5887233 bytes....................
Transfer complete
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "error:0906A068:PEM routines:PEM_do_header:bad password read"

I followed instructions from here: https://www.elastic.co/guide/en/shield/current/kibana.html It says about configuring server.ssl.* properties which I did after creating those with openssl. I guess the error is something with certificates, but I'm not sure what to do. I tried playing with installation of certificates, registering and stuff, but I might be doing something wrong.

After that, when Kibana tries to start it simply fails (from kibana4.log):

["error","elasticsearch"],"pid":211,"message":"Request error, retrying -- connect ECONNREFUSED"}
["warning","elasticsearch"],"pid":211,"message":"Unable to revive connection: http://localhost:9200/"}
["warning","elasticsearch"],"pid":211,"message":"No living connections"}
  ["status","plugin:elasticsearch","error"],"pid":211,"name":"plugin:elasticsearch","state":"red","message": "Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.","prevState":"green","prevMsg":"Kibana index ready"}

From elasticsearch log:

[2016-03-13 11:35:42,843][INFO ][rest.suppressed          ] / Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/]]
    at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
    at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:65)
    at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:102)
    at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)

Any sort of direction would be very appreciated.

score 4 · Accepted Answer · answered Mar 19 '16 at 21:22

4

The problem was that .key file from certificate was not properly created.

After those:

1. openssl genrsa -des3 -out [domain].key 1024
2. openssl req -new -key [domain].key -out [domain].csr
3. openssl x509 -req -days 365 -in [domain].csr -signkey [domain].key -out [domain].crt

This was also needed for .key file to be valid:

openssl rsa -in [domain].key -out [domain].key

answered Mar 19 '16 at 21:22

EddieHR

153
2
11

Thank you a lot :) – d3vpasha Apr 20 '17 at 15:08

score 0 · Answer 2 · answered Mar 18 '16 at 05:53

0

Comment out server.key & server.crt in kibana.yml and then try installing.

answered Mar 18 '16 at 05:53

raul

631
2
10
23

Those are mandatory, when i comment those I get this in kibana4.log: HTTPS is required. Please set server.ssl.key and server.ssl.cert in kibana.yml. Here, in bullet 4 here, it says it is mandatory: https://www.elastic.co/guide/en/shield/current/kibana.html. Now, I'm not sure how to use those. I created these files on host with openssl, but it seems that it is not ok...? – EddieHR Mar 19 '16 at 18:10

Install shield on kibana gives PEM error

2 Answers2