I have configured SSL on both ElasticSearch and Kibana, and I can connect ok to it via browser. However when trying to configure Beats (Winlogbeat, Filebeat) to work with certificates, I see the following under test output - security... WARN server's certificate chain verification is disabled
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test output elasticsearch: https://192.168.1.70:9200... parse url... OK connection... parse host... OK dns lookup... OK addresses: 192.168.1.70 dial up... OK TLS... security... WARN server's certificate chain verification is disabled handshake... OK TLS version: TLSv1.3 dial up... OK talk to server... OK version: 7.11.0
My elasticsearch.yml config file entries (related to SSL):
xpack.security.enabled: true xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: "http.p12"
My kibana.yml SSL config file entries (related to SSL):
elasticsearch.username: "kibana_system" elasticsearch.password: "password" elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ] #elasticsearch.ssl.verificationMode: none elasticsearch.ssl.verificationMode: certificate # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. # These settings enable SSL for outgoing requests from the Kibana server to the browser. server.ssl.enabled: true server.ssl.certificate: /ca/ca.crt server.ssl.key: /ca/ca.key
My winlogbeat.yml config file:
setup.kibana: # Kibana Host # Scheme and port can be left out and will be set to the default (http and 5601) # In case you specify and additional path, the scheme is required: http://localhost:5601/path # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 host: "https://192.168.1.70:5601" ssl.enabled: true #ssl.verification_mode: none ssl.verification_mode: certificate ssl.certificate_authorities: C:\Program Files\Winlogbeat\kibana.pem ssl.certificate: C:\Program Files\Winlogbeat\ca\ca.crt ssl.key: C:\Program Files\Winlogbeat\ca\ca.key # Kibana Space ID # ID of the Kibana Space into which the dashboards should be loaded. By default, # the Default Space will be used. #space.id: # =============================== Elastic Cloud ================================ # These settings simplify using Winlogbeat with the Elastic Cloud (https://cloud.elastic.co/). # The cloud.id setting overwrites the `output.elasticsearch.hosts` and # `setup.kibana.host` options. # You can find the `cloud.id` in the Elastic Cloud web UI. #cloud.id: # The cloud.auth setting overwrites the `output.elasticsearch.username` and # `output.elasticsearch.password` settings. The format is `<user>:<pass>`. #cloud.auth: # ================================== Outputs =================================== # Configure what output to use when sending the data collected by the beat. # ---------------------------- Elasticsearch Output ---------------------------- output.elasticsearch: # Array of hosts to connect to. hosts: ["192.168.1.70:9200"] # Protocol - either `http` (default) or `https`. protocol: "https" #ssl.enabled: true #ssl.verification_mode: none ssl.verification_mode: certificate ssl.certificate_authorities: C:\Program Files\Winlogbeat\http2.pem #ssl.certificate: http2.pem #ssl.key: http.key # Authentication credentials - either API key or username/password. #api_key: "id:api_key" username: "elastic" password: "password"
Should I add xpack.security.transport.ssl.enabled entries in elasticsearch.yml? Or what do I need to change/add to enable certificate verification for Beats in Elasticsearch/Kibana?
I would like to have the traffic encrypted between the beats and elasticsearch/kibana server.