I'm trying to convert a JKS cert to PKCS8 for Logstash v5.1. I found an example here: https://stackoverflow.com/a/656559
keytool -importkeystore -srckeystore foo.jks -destkeystore foo.p12 \
  -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in foo.p12 -out foo.pem
openssl pkcs12 -in foo.p12 -nocerts -out key.pem
openssl pkcs8 -in key.pem -topk8 -out p8key.pem
But it produces the following error when attempting to run logstash:
ERROR logstash.inputs.beats - Looks like you either have an invalid key or your private key was not in PKCS8 format.
{:exception=>java.lang.IllegalArgumentException: File does not contain valid private key: /ELK/logstash/SSL/p8key.pem}
I also tried to convert to pkcs8 with the -nocrypt flag, and received this error:
ERROR org.logstash.beats.BeatsHandler - Exception: not an SSL/TLS record
The cause of this error:
is because ssl_key_passphrase => "password" was not set in the logstash input.
And this error:
is because non-SSL/TLS traffic was attempting to go through the SSL/TLS port. In this case, the culprit was filebeat.
https://www.elastic.co/guide/en/x-pack/current/security-troubleshooting.html
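
To check before starting Logstash whether a converted key file is encrypted PKCS8 (and so needs ssl_key_passphrase), unencrypted PKCS8, or still in a traditional format, the PEM label can be inspected. This is an added example, not part of the original post; the function names `classify_key` and `advise` are hypothetical, and the sample files are constructed with placeholder bodies rather than real keys.

```shell
# Classify a PEM private key by the label on its first BEGIN line.
# openssl pkcs12 can write "Bag Attributes" text before the PEM block, so the
# whole file is searched; CR characters are stripped to tolerate CRLF files.
classify_key() {
    case "$(tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1)" in
        "ENCRYPTED PRIVATE KEY") echo "pkcs8-encrypted" ;;
        "PRIVATE KEY")           echo "pkcs8-plain" ;;
        "RSA PRIVATE KEY"|"EC PRIVATE KEY"|"DSA PRIVATE KEY")
            # Traditional keys mark encryption with a Proc-Type header line
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "traditional-encrypted"
            else
                echo "traditional-plain"
            fi ;;
        *) echo "unknown" ;;
    esac
}

# Map the key type to what the Logstash beats input needs.
advise() {
    case "$(classify_key "$1")" in
        pkcs8-encrypted) echo "set ssl_key_passphrase in the input" ;;
        pkcs8-plain)     echo "no ssl_key_passphrase needed" ;;
        traditional-*)   echo "convert first: openssl pkcs8 -topk8" ;;
        *)               echo "not a PEM private key" ;;
    esac
}

# Constructed sample files (placeholder bodies, not real keys).
SAMPLES=$(mktemp -d)
printf '%s\n' 'Bag Attributes' '    friendlyName: foo' \
    '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$SAMPLES/p8key.pem"
printf '%s\r\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END PRIVATE KEY-----' > "$SAMPLES/nocrypt.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: PLACEHOLDER' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$SAMPLES/legacy.pem"
printf '%s\n' 'not a key' > "$SAMPLES/other.pem"

for f in "$SAMPLES"/*.pem; do
    echo "$(basename "$f"): $(classify_key "$f") -> $(advise "$f")"
done
```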