You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Additional Note:
Yes, we could use the pkcs12-container directly and provide the "secretKeyPass". Nevertheless, it would be great if support for the java JKS would also be implemented fully, as the documentation states that .jks is supported.
Therefore it would be nice, if the secret key within the JKS-Keystore could have an own passphrase as well as in other plugins (e.g. logstash-input-kafka)
The text was updated successfully, but these errors were encountered:
Support for passphrase ("secretKeyPass") for an encrypted key within a JKS-Keystore format!
ending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties Aug 01 12:05:46 host-xyz logstash[17689]: [2018-08-01T12:05:46,046][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.3.1"} Aug 01 12:05:48 host-xyz logstash[17689]: [2018-08-01T12:05:48,725][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"winlogbeat", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50} Aug 01 12:05:49 host-xyz logstash[17689]: [2018-08-01T12:05:49,017][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"winlogbeat", :plugin=>"#<LogStash::OutputDelegator:0x12bedc9d>", :error=>"Cannot recover key", :thread=>"#<Thread:0x974420a run>"} Aug 01 12:05:49 host-xyz logstash[17689]: [2018-08-01T12:05:49,031][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"winlogbeat", :exception=>java.security.UnrecoverableKeyException: Cannot recover key, :backtrace=>["sun.security.provider.KeyProtector.recover(sun/security/provider/KeyProtector.java:328)", "sun.security.provider.JavaKeyStore.engineGetKey(sun/security/provider/JavaKeyStore.java:146)", "sun.security.provider.JavaKeyStore$JKS.engineGetKey(sun/security/provider/JavaKeyStore.java:56)", "sun.security.provider.KeyStoreDelegator.engineGetKey(sun/security/provider/KeyStoreDelegator.java:96)", "sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(sun/security/provider/JavaKeyStore.java:70)", "java.security.KeyStore.getKey(java/security/KeyStore.java:1023)", "sun.security.ssl.SunX509KeyManagerImpl.<init>(sun/security/ssl/SunX509KeyManagerImpl.java:133)", "sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(sun/security/ssl/KeyManagerFactoryImpl.java:70)", "javax.net.ssl.KeyManagerFactory.init(javax/net/ssl/KeyManagerFactory.java:256)", "org.apache.http.conn.ssl.SSLContextBuilder.loadKeyMaterial(org/apache/http/conn/ssl/SSLContextBuilder.java:145)", "org.apache.http.conn.ssl.SSLContextBuilder.loadKeyMaterial(org/apache/http/conn/ssl/SSLContextBuilder.java:134)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:423)", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:290)", [...]
I can provide a more detailed log, but I guess the lines above should be enough.
Yes, we could use the pkcs12-container directly and provide the "secretKeyPass". Nevertheless, it would be great if support for the java JKS would also be implemented fully, as the documentation states that .jks is supported.
Therefore it would be nice, if the secret key within the JKS-Keystore could have an own passphrase as well as in other plugins (e.g. logstash-input-kafka)
The text was updated successfully, but these errors were encountered: