Can't send dashboard to kibana

headtea · August 5, 2020, 3:02pm

Because we like the default "failed logins" dashboard that auditbeat provides, in auditbeat.yml, we have setup.dashboards.enabled: true.

It worked fine and now that I've enabled HTTPS for kibana I'm facing some issues.

This is the current configuration for kibana output in auditbeat.yml:

setup.kibana:
  host: "https://elk.companyname.net:5601"
  username: "elastic"
  password: "password"

In my browser, if I go to https://elk.companyname.net:5601 - I get kibana.

This is what I get when I start kibana:

ERROR   instance/beat.go:958    Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://elk.companyname.net:5601/api/status fails: fail to execute the HTTP GET request: Get https://elk.companyname.net:5601/api/status: x509: certificate signed by unknown authority. Response: .
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://elk.companyname.net:5601/api/status fails: fail to execute the HTTP GET request: Get https://elk.companyname.net:5601/api/status: x509: certificate signed by unknown authority. Response: .

It seems to not like the certificate. To secure kibana with HTTPS, I've used my company's .crt and .key.

Do I have anything missing? Is it possible to have dashboards go through Elasticsearch (since it seems to work)? Thanks ahead.

A_B · August 5, 2020, 3:10pm

Sounds like you either have to set certificate_authorities

Or verification_mode

What CA do you get your company cert from?

headtea · August 5, 2020, 3:20pm

Thanks for the response!

I'm not sure what CA we have, I just took the crt&key from another server to the kibana config. Do I need to add the company's CA to auditbeat.yml?

Also, If I set verification_mode to none then the connection would be unencrypted, right?

A_B · August 6, 2020, 7:24am

You can check the CA with e.g.

openssl x509 -in certificate.crt -text -noout

The best solution would definitely be to be able to configure certificate_authorities as that at least to me seems to be what is failing.

Setting verification_mode to none does not mean the connection is not encrypted but it leaves it vulnerable to attacks as the documentation says

In this mode, TLS-based connections are susceptible to man-in-the-middle attacks.

You mentioned that your local browser does not complain about the Kibana certificate. What if you use something like curl from where Auditbeat is running?

curl -Iv https://elk.companyname.net:5601 should show information on the certificate as well. Add -k if you get certificate warnings, to allow insecure connections.

headtea · August 6, 2020, 8:21am

Thanks for the response,

I gave auditbeat the certificate (.crt) that kibana uses under certificate_authorities and it worked!

Topic		Replies	Views
AuditBeat: Kibana x509: certificate signed by unknown authority Beats elastic-stack-security , auditbeat	3	3667	August 24, 2021
Error connecting to Kibana Beats metricbeat	6	12580	July 5, 2019
Cannot setup dashboards filebeat to kibana Kibana elastic-stack-security	5	562	June 16, 2022
Certificates between Filebeat and Kibana for Filebeat to do setup.dashboards.enabled: true Kibana	4	1046	February 1, 2019
Error setting up Dashboards Elasticsearch	5	649	June 16, 2020

Can't send dashboard to kibana

Related topics