在kibana上安装盾牌会产生PEM错误

时间:2016-03-13 11:57:01

标签: ssl kibana kibana-4 elastic-shield

我使用sebp / elk docker for ES / Kibana / Logstash,一切都像魅力一样。

现在我想尝试在所有组件上安装盾牌,除了kibana之外一切都还可以。

root@2f6452f2e11e:/opt/kibana# bin/kibana plugin --install kibana/shield/latest
Installing shield
Attempting to transfer from https://download.elastic.co/kibana/shield/shield-latest.tar.gz
Transferring 5887233 bytes....................
Transfer complete
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "error:0906A068:PEM routines:PEM_do_header:bad password read"

我按照此处的说明操作:https://www.elastic.co/guide/en/shield/current/kibana.html 它说关于配置server.ssl。*属性,我在使用openssl创建后使用了这些属性。我猜这个错误是证书,但我不知道该怎么做。我试过安装证书,注册和东西,但我可能做错了。

之后,当Kibana尝试启动它时,它就失败了(来自kibana4.log):

["error","elasticsearch"],"pid":211,"message":"Request error, retrying -- connect ECONNREFUSED"}
["warning","elasticsearch"],"pid":211,"message":"Unable to revive connection: http://localhost:9200/"}
["warning","elasticsearch"],"pid":211,"message":"No living connections"}
  ["status","plugin:elasticsearch","error"],"pid":211,"name":"plugin:elasticsearch","state":"red","message": "Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.","prevState":"green","prevMsg":"Kibana index ready"}

来自elasticsearch日志:

[2016-03-13 11:35:42,843][INFO ][rest.suppressed          ] / Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/]]
    at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
    at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:65)
    at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:102)
    at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)

非常感谢任何方向。

2 个答案:

答案 0 :(得分:4)

问题是没有正确创建证书中的.key文件。

之后:

cout

.key文件也需要这个有效:

1. openssl genrsa -des3 -out [domain].key 1024
2. openssl req -new -key [domain].key -out [domain].csr
3. openssl x509 -req -days 365 -in [domain].csr -signkey [domain].key -out [domain].crt

答案 1 :(得分:0)

注释掉server.key& kibana.yml中的server.crt,然后尝试安装。

相关问题
最新问题