Hello ELK workers,
I'm working on the ELK stack and i manage to install it and make it work on my computer with local data etc... I'm now trying to make the stack use SSL/TLS for transport and http layer. I took the trial for 30 days to use security.
I did the Elasticsearch configuration to connect to localhost with https, here is my elasticsearch.yml file :
node.name: node-1
http.cors.enabled: true
http.cors.allow-origin: "*"
http.max_header_size: 16kb
discovery.seed_hosts: ["127.0.0.1"]
cluster.initial_master_nodes: ["node-1"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.key: certs/instance.key
xpack.security.transport.ssl.certificate: certs/instance.crt
xpack.security.transport.ssl.certificate_authorities: ["certs/ca.crt"]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/instance.key
xpack.security.http.ssl.certificate: certs/instance.crt
xpack.security.http.ssl.certificate_authorities: ["certs/ca.crt"]
I used elasticsearch-certutil tool with ca mode to construct the CA and cert mode to construct the instance key and certificate. All those files are stored in Config/certs folder that i created for each instance of the elk stack. Then i was able to connect to https://localohost:9200
Then i generated with the same tool one key and certificate for kibana (stored in config/certs in kibana folder) and my kibana.yml looks like :
server.host: "localhost"
server.name: "kibana"
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "?????????"
server.ssl.enabled: true
server.ssl.key: C:\Users\T6SH\Desktop\Kibana\config\certs\instance.key
server.ssl.certificate: C:\Users\T6SH\Desktop\Kibana\config\certs\instance.crt
elasticsearch.ssl.certificateAuthorities: C:\Users\T6SH\Desktop\Elasticsearch\config\certs\ca.crt
My problem is that i can launch the elasticsearch node, but when i launch my kibana, i got errors saying :
GET https://localhost:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => unable to verify the first certificate
How do i make the kibana trust my cert ? In the future my company will use a real CA, non-autosigned cert etc... but i kinda need it now to make my test.
Thanks for your help, merry christmas and happy new year !
(sorry for my awful english)