Elastalert error when using with SSL - Enter PEM passphrase

[indefsystems]

I have ELK docker setup with search guard. I have SSL enabled in elasticsearch and am using self signed certificate generated using search guard offline tool.

I am using elastalert docker image and have enable SSL in config.yml. Here is the relevant configuration in config.yaml

# Connect with TLS to elasticsearch
use_ssl: True
# Verify TLS certificates
verify_certs: True

client_cert: /etc/elastalert/elastalert.pem
client_key: /etc/elastalert/elastalert.key
ca_certs: /etc/elastalert/root-ca.pem

I am getting the following error when I create my ELK stack using docker swarm.

15:34:45.098Z  INFO elastalert-server: ProcessController:  Starting ElastAlert
15:34:45.098Z  INFO elastalert-server: ProcessController:  Creating index
15:34:58.199Z ERROR elastalert-server:
    ProcessController:  Enter PEM pass phrase:
    Enter PEM pass phrase:
    Enter PEM pass phrase:
    Enter PEM pass phrase:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
      File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
      File "/opt/elastalert/elastalert/create_index.py", line 275, in <module>
        main()
      File "/opt/elastalert/elastalert/create_index.py", line 127, in main
        esversion = es.info()["version"]["number"]
      File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/client/utils.py", line 76, in _wrapped
        return func(*args, params=params, **kwargs)
      File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/client/__init__.py", line 241, in info
        return self.transport.perform_request('GET', '/', params=params)
      File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/transport.py", line 318, in perform_request
        status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
      File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 85, in perform_request
        raise ConnectionError('N/A', str(e), e)
    elasticsearch.exceptions.ConnectionError: ConnectionError([('UI routines', 'UI_process', 'processing error'), ('PEM routines', 'PEM_def_callback', 'problems getting pasword'), ('PEM routines', 'PEM_read_bio_PrivateKey', 'bad password read'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]) caused by: Error([('UI routines', 'UIprocess', 'processing error'), ('PEM routines', 'PEM_def_callback', 'problems getting password'), ('PEM routines', 'PEM_read_bio_PrivateKey', 'bad password read'), ('SSL rotines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')])

15:34:58.200Z ERROR elastalert-server: ProcessController:  Index create exited with code 1
15:34:58.203Z  WARN elastalert-server: ProcessController:  ElastAlert will start but might not be able to save its data!
15:34:58.204Z  INFO elastalert-server: ProcessController:  Starting elastalert with arguments [none]
15:34:58.225Z  INFO elastalert-server: ProcessController:  Started Elastalert (PID: 47)
15:34:58.243Z  INFO elastalert-server: Server:  Server listening on port 3030
15:34:58.254Z  INFO elastalert-server: Server:  Websocket listening on port 3333
15:34:58.255Z  INFO elastalert-server: Server:  Server started
15:35:00.200Z ERROR elastalert-server: ProcessController:  Enter PEM pass phrase:

It seems to be complaining about PEM pass phrase, however, I don't see any property in config.yaml to specify the PEM passphrase.

Any suggestion how to fix this? Thanks.

[Qmando]

Unfortunately the underlying Python libraries don't seem to support password protected PEM files (https://github.com/kennethreitz/requests/issues/2519, https://github.com/kennethreitz/requests/issues/1573). You'll need to dump the key into plaintext or generate a new one without a password.