AuditBeat: Kibana x509: certificate signed by unknown authority

At first I was getting an elasticsearch error when i tried to run auditbeat setup which was like that: Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://ubuntu-local.duckdns.org:9200: Get "https://myhost:9200": x509: certificate signed by unknown authority]

So i looked up the elastic forums and found a solution. I changed my auditbeat.yml to look like this:

 output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["myhost:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  ssl_verification_mode: "none"
  ssl.certificate_authorities: ["/apath/elasticsearch-ca.pem"]
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "mypass"

PS: i have setup Https on my kibana and elastic nodes but i don't want to set up to the Beats right now.

So then when i tried to run again auditbeat setup i got another error, this time from kibana:
again about x509: certificate signed by unknown authority

So i added the same attributes i added into the elasticsearch section of the audibeat.yml file but with no luck

Here is the kibana section:

setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://myhost:5601"
  ssl_verification_mode: "none"
  ssl.certificate_authorities: "/apath/elasticsearch-ca.pem"
  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

Any ideas?

Thanks in advance

This should be ssl.verification_mode.

Unbelievable. Sorry for this stupid mistake. It's cause of tiredness after hours at the PC.
Thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.