Beats Certificate verification with ElasticSearch/Kibana

Hello,

I have configured SSL on both ElasticSearch and Kibana, and I can connect ok to it via browser. However when trying to configure Beats (Winlogbeat, Filebeat) to work with certificates, I see the following under test output - security... WARN server's certificate chain verification is disabled

    PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test output
elasticsearch: https://192.168.1.70:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 192.168.1.70
    dial up... OK
  TLS...
    security... WARN server's certificate chain verification is disabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.11.0

My elasticsearch.yml config file entries (related to SSL):

        xpack.security.enabled: true
       xpack.security.http.ssl.enabled: true
       xpack.security.http.ssl.keystore.path: "http.p12"

My kibana.yml SSL config file entries (related to SSL):

    elasticsearch.username: "kibana_system"
   elasticsearch.password: "password"
   elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
   #elasticsearch.ssl.verificationMode: none
  elasticsearch.ssl.verificationMode: certificate

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /ca/ca.crt
server.ssl.key: /ca/ca.key

My winlogbeat.yml config file:

   setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://192.168.1.70:5601"
  ssl.enabled: true
  #ssl.verification_mode: none
  ssl.verification_mode: certificate
  ssl.certificate_authorities: C:\Program Files\Winlogbeat\kibana.pem
  ssl.certificate: C:\Program Files\Winlogbeat\ca\ca.crt
  ssl.key: C:\Program Files\Winlogbeat\ca\ca.key
  
  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

# =============================== Elastic Cloud ================================

# These settings simplify using Winlogbeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.1.70:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  #ssl.enabled: true
  #ssl.verification_mode: none
  ssl.verification_mode: certificate
  ssl.certificate_authorities: C:\Program Files\Winlogbeat\http2.pem
  #ssl.certificate: http2.pem
  #ssl.key: http.key
  
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "password"

Should I add xpack.security.transport.ssl.enabled entries in elasticsearch.yml? Or what do I need to change/add to enable certificate verification for Beats in Elasticsearch/Kibana?
I would like to have the traffic encrypted between the beats and elasticsearch/kibana server.
Thank you!

1 Like