Accessing kibana over HTTPS

lw24 · April 12, 2020, 2:18pm

I have tried to follow the steps outlined under "Detections configuration and index privilege prerequisites"

I have modified elasticsearch.yml to be:

network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: "/etc/elasticsearch/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/etc/elasticsearch/elastic-certificates.p12"

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/etc/elasticsearch/http.p12"

And have edited kibana.yml to be:

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "password"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
xpack.encryptedSavedObjects.encryptionKey: 'fhjskloppd678ehkdfdlproglsaeface'

When I now try and connect to https://IP:5601 I get "This site can't be reached".
When I connect over https://IP:9200 I get put my user and password in and get a JSON prinout.

Seems as if Kibana to Elasticsearch is encrypted but Kibana to browser is not working over https properly?

rugenl · April 12, 2020, 4:51pm

You would also need to configure and start Kibana, particularly this section and the server.ssl.enabled option set to True.

Check for KIbana errors and "netstat -an | grep 5601" to see if Kibana is listening on the port.

lw24 · April 13, 2020, 4:07pm

I have added:

server.ssl.enabled: true
server.ssl.certificate: "kibana-server.p12"
server.ssl.key: "kibana-server.p12"

to kibana.yml. The cert was generated using the elasticsearch CA I previously generated.

I have tried to check if kibana is listening on 5601, but it seems kibana isn't starting.

I get the following error:

● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-04-13 08:55:39 PDT; 3min 43s ago
Process: 89150 ExecStart=/usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml (code=exited, status=1/FAILURE)
Main PID: 89150 (code=exited, status=1/FAILURE)
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Service hold-off time over, scheduling r
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Scheduled restart job, restart counter i
Apr 13 08:55:39 ubuntu systemd[1]: Stopped Kibana.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Start request repeated too quickly.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Failed with result 'exit-code'.
Apr 13 08:55:39 ubuntu systemd[1]: Failed to start Kibana.

I've tried looking in /var/log/kibana but that directory doesn't exist so don't know how best to troubleshoot from here.

Any help would be appreciated!

rugenl · April 13, 2020, 4:09pm

Kibana sometimes logs to /var/log/messages or you can start it from the command line to test.

lw24 · April 13, 2020, 4:27pm

I managed to find relevant logs with:

sudo tail -n 100 /var/log/syslog

There were a bunch of issues I remedied:

In kibana.yml I had a line "elasticsearch.url: [..." which was erroring, it needs to be elasticsearch.hosts.

I had to provide it the full path to the ssl certificate and key, and give it permissions to these, though after doing so it now starts, but errors with:

FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line

Apparently kibana can't read .p12 certs, so will need to generate ones in .pem format. Will report back on this.

Topic		Replies	Views
After enabling the https not able to launch kibana dashboard Kibana	3	253	January 11, 2023
Unable to get HTTPS working on Kibana Kibana	4	2452	July 5, 2018
How can we browse kibana url on https Kibana elastic-stack-security	8	437	April 26, 2023
Configuring kibana/elasticsearc for SSL Elasticsearch	2	387	July 6, 2017
Need Help Configuring HTTPS Between Elasticsearch and Kibana Kibana elastic-stack-security	1	487	October 20, 2023

Accessing kibana over HTTPS

Related topics