Accessing Kibana over HTTPS

I have tried to follow the steps outlined under "Detections configuration and index privilege prerequisites"

I have modified elasticsearch.yml to be:

network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: "/etc/elasticsearch/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/etc/elasticsearch/elastic-certificates.p12"

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/etc/elasticsearch/http.p12"

And have edited kibana.yml to be:

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "password"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
xpack.encryptedSavedObjects.encryptionKey: 'fhjskloppd678ehkdfdlproglsaeface'

When I now try and connect to https://IP:5601 I get "This site can't be reached".
When I connect over https://IP:9200 I put my user and password in and get a JSON printout.

Seems as if Kibana to Elasticsearch is encrypted but Kibana to browser is not working over https properly?

You would also need to configure and start Kibana, particularly this section and the server.ssl.enabled option set to True.

Check for Kibana errors and "netstat -an | grep 5601" to see if Kibana is listening on the port.

I have added:

server.ssl.enabled: true
server.ssl.certificate: "kibana-server.p12"
server.ssl.key: "kibana-server.p12"

to kibana.yml. The cert was generated using the elasticsearch CA I previously generated.

I have tried to check if kibana is listening on 5601, but it seems kibana isn't starting.

I get the following error:

● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-04-13 08:55:39 PDT; 3min 43s ago
Process: 89150 ExecStart=/usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml (code=exited, status=1/FAILURE)
Main PID: 89150 (code=exited, status=1/FAILURE)
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Service hold-off time over, scheduling r
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Scheduled restart job, restart counter i
Apr 13 08:55:39 ubuntu systemd[1]: Stopped Kibana.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Start request repeated too quickly.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Failed with result 'exit-code'.
Apr 13 08:55:39 ubuntu systemd[1]: Failed to start Kibana.

I've tried looking in /var/log/kibana but that directory doesn't exist so don't know how best to troubleshoot from here.

Any help would be appreciated!

Kibana sometimes logs to /var/log/messages or you can start it from the command line to test.

I managed to find relevant logs with:

sudo tail -n 100 /var/log/syslog

There were a bunch of issues I remedied:

In kibana.yml I had a line "elasticsearch.url: [..." which was erroring, it needs to be elasticsearch.hosts.

I had to provide it the full path to the ssl certificate and key, and give it permissions to these, though after doing so it now starts, but errors with:

FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line

Apparently kibana can't read .p12 certs, so will need to generate ones in .pem format. Will report back on this.
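
As an added example (not part of the thread and not Elastic's code), the Python preflight below checks a kibana.yml for the three problems reported above: the elasticsearch.url key, a certificate or key path that is not a full path, and a certificate or key file that is not PEM. The function names and the constructed sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

PEM_START = re.compile(rb"-----BEGIN [A-Z0-9 ]+-----")
SETTING = re.compile(r"^\s*([\w.]+)\s*:\s*(.*?)\s*$")

def file_format(path):
    """Classify a certificate/key file by its content, not its extension."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if PEM_START.search(head):
        return "pem"
    # PKCS#12 is binary DER and starts with an ASN.1 SEQUENCE tag (0x30).
    return "der/pkcs12" if head[:1] == b"\x30" else "unknown"

def preflight(kibana_yml):
    """Return findings for the settings that stopped Kibana in this thread."""
    with open(kibana_yml) as fh:
        matches = (SETTING.match(line) for line in fh)
        settings = {m.group(1): m.group(2).strip("\"'") for m in matches if m}
    findings = []
    if "elasticsearch.url" in settings:
        findings.append("elasticsearch.url: rename to elasticsearch.hosts")
    for key in ("server.ssl.certificate", "server.ssl.key"):
        path = settings.get(key)
        if path is None:
            continue
        if not os.path.isabs(path):
            findings.append(f"{key}: '{path}' is not a full path")
        elif not os.access(path, os.R_OK):
            findings.append(f"{key}: {path} is missing or unreadable")
        elif file_format(path) != "pem":
            findings.append(f"{key}: {path} is {file_format(path)}, not PEM")
    return findings

def demo():
    """Run the check on constructed files: a fake .p12 and a kibana.yml."""
    with tempfile.TemporaryDirectory() as d:
        p12 = os.path.join(d, "kibana-server.p12")
        with open(p12, "wb") as fh:
            fh.write(b"\x30\x82\x0a\x2a\x02\x01\x03")  # constructed DER header
        yml = os.path.join(d, "kibana.yml")
        with open(yml, "w") as fh:
            fh.write('elasticsearch.url: ["https://localhost:9200"]\n'
                     f'server.ssl.certificate: "{p12}"\n'
                     'server.ssl.key: "kibana-server.p12"\n')
        return preflight(yml)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The readability check uses the permissions of whoever runs the script, so run it as the account the Kibana service runs under to see what the service sees. A file reported as "not PEM" is the case that produces the "PEM_read_bio:no start line" error, because the file has no "-----BEGIN" line.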
