Can Kibana use the encrypted private key for SSL?


(Thuong) #1

Hi all,

Is there any ways to use the encrypted private key for SSL in Kibana? Encrypted private key can be stored in Windows Certificate Store, then Kibana can retrieve the key from that to use.
Currently, I use the decrypted private key. But my system admin don't want it because private key can be stolen and use to fake our site by attacker.

Thanks


(Vikas) #2

Do you want to create ssl layer between user and kibana?I mean https://localhost:5601


(Thuong) #3

Yes, SSL for client access.


(Vikas) #4

you can very well do that.create two certificates one certificate and other its key.and provide the path-the below config lines are already in kibana.server.ssl.enabled: true
server.ssl.key: /path/to/your/server.key
server.ssl.certificate: /path/to/your/server.crt

##if you want some already generated certificates

  1. check for openssl version
    cmd to run= openssl version
  2. cmd to run = keytool
    Which should print a list of available keytool commands. If this is not the case, check your JDK installation and make sure the keytool is on your PATH.
    3)go to this path and download it : https://github.com/floragunncom/search-guard-ssl/tree/es-6.0.0
    4)The script to execute is ./example.sh, located in the folder example-pki-scripts.
    5)If for any reason you need to re-execute the script, execute ./clean.sh in the same directory first. This will remove all generated files automatically.
  3. there you can find kibana certificates.copy kibana.pem and kibana.key and keep it in kibana directory.Provide the path in the above config lines mentioned.I am sure you can do this.It will work very well.

(Thuong) #5

I'm able to enable SSL for Kibana, but I must use the decrypted key.
Is your solution can use encrypted key?


(Vikas) #6

yup sure


(Thuong) #7

Great. I will try it.

Thanks Vikas :slight_smile:


(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.