From 289e12a463d7532835b86de7fecdf5483596b577 Mon Sep 17 00:00:00 2001
From: Benjamin Schweizer <cxcv@cxcv.de>
Date: Sat, 11 Jan 2020 23:17:40 +0100
Subject: [PATCH 1/2] skip all blocks except certificates, closes #6890

---
 plugins/inputs/x509_cert/x509_cert.go      | 10 ++++++----
 plugins/inputs/x509_cert/x509_cert_test.go |  1 +
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
index ad47db6632458..21e64fcbb6e48 100644
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@@ -103,11 +103,13 @@ func (c *X509Cert) getCert(u *url.URL, timeout time.Duration) ([]*x509.Certifica
 				return nil, fmt.Errorf("failed to parse certificate PEM")
 			}
 
-			cert, err := x509.ParseCertificate(block.Bytes)
-			if err != nil {
-				return nil, err
+			if block.Type == "CERTIFICATE" {
+				cert, err := x509.ParseCertificate(block.Bytes)
+				if err != nil {
+					return nil, err
+				}
+				certs = append(certs, cert)
 			}
-			certs = append(certs, cert)
 			if rest == nil || len(rest) == 0 {
 				break
 			}
diff --git a/plugins/inputs/x509_cert/x509_cert_test.go b/plugins/inputs/x509_cert/x509_cert_test.go
index 48559ca6a311e..fa90a90eb8b47 100644
--- a/plugins/inputs/x509_cert/x509_cert_test.go
+++ b/plugins/inputs/x509_cert/x509_cert_test.go
@@ -145,6 +145,7 @@ func TestGatherLocal(t *testing.T) {
 		{name: "correct certificate and extra trailing space", mode: 0640, content: pki.ReadServerCert() + " "},
 		{name: "correct certificate and extra leading space", mode: 0640, content: " " + pki.ReadServerCert()},
 		{name: "correct multiple certificates", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert()},
+		{name: "correct multiple certificates and key", mode: 0640, content: pki.ReadServerCert() + pki.ReadCACert() + pki.ReadServerKey()},
 		{name: "correct certificate and wrong certificate", mode: 0640, content: pki.ReadServerCert() + "\n" + wrongCert, error: true},
 		{name: "correct certificate and not a certificate", mode: 0640, content: pki.ReadServerCert() + "\ntest", error: true},
 		{name: "correct multiple certificates and extra trailing space", mode: 0640, content: pki.ReadServerCert() + pki.ReadServerCert() + " "},

From 4ae1841c97d476efdd8de0686369a63ac9f754d5 Mon Sep 17 00:00:00 2001
From: Benjamin Schweizer <cxcv@cxcv.de>
Date: Mon, 13 Jan 2020 08:08:30 +0100
Subject: [PATCH 2/2] updated readme

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ed999fc5e8bcd..c2644c086be0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
 ## v1.13.2 [unreleased]
 
 #### Bugfixes
+- [#6890](https://github.com/influxdata/telegraf/issues/6890): Fix local certificate parsing in x509_certs input.
 
 - [#2652](https://github.com/influxdata/telegraf/issues/2652): Warn without error when processes input is started on Windows.