Can't send dashboard to kibana

Because we like the default "failed logins" dashboard that auditbeat provides, in auditbeat.yml, we have setup.dashboards.enabled: true.

It worked fine and now that I've enabled HTTPS for kibana I'm facing some issues.

This is the current configuration for kibana output in auditbeat.yml:

setup.kibana:
  host: "https://elk.companyname.net:5601"
  username: "elastic"
  password: "password"

In my browser, if I go to https://elk.companyname.net:5601 - I get kibana.

This is what I get when I start kibana:

ERROR   instance/beat.go:958    Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://elk.companyname.net:5601/api/status fails: fail to execute the HTTP GET request: Get https://elk.companyname.net:5601/api/status: x509: certificate signed by unknown authority. Response: .
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://elk.companyname.net:5601/api/status fails: fail to execute the HTTP GET request: Get https://elk.companyname.net:5601/api/status: x509: certificate signed by unknown authority. Response: .

It seems to not like the certificate. To secure kibana with HTTPS, I've used my company's .crt and .key.

Do I have anything missing? Is it possible to have dashboards go through Elasticsearch (since it seems to work)? Thanks ahead.

Sounds like you either have to set certificate_authorities

Or verification_mode

What CA do you get your company cert from?

Thanks for the response!

I'm not sure what CA we have, I just took the crt&key from another server to the kibana config. Do I need to add the company's CA to auditbeat.yml?

Also, if I set verification_mode to none then the connection would be unencrypted, right?

You can check the CA with e.g.

openssl x509 -in certificate.crt -text -noout

The best solution would definitely be to be able to configure certificate_authorities as that at least to me seems to be what is failing.

Setting verification_mode to none does not mean the connection is not encrypted, but it leaves it vulnerable to attacks, as the documentation says:

In this mode, TLS-based connections are susceptible to man-in-the-middle attacks.

You mentioned that your local browser does not complain about the Kibana certificate. What if you use something like curl from where Auditbeat is running?

curl -Iv https://elk.companyname.net:5601 should show information on the certificate as well. Add -k if you get certificate warnings, to allow insecure connections.

Thanks for the response,

I gave auditbeat the certificate (.crt) that kibana uses under certificate_authorities and it worked!
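
The fix reported in the last reply, written out as an auditbeat.yml fragment (an added example, not posted by anyone in the thread). The host and credentials are the ones from the question; the CA file path is an assumed placeholder.

```yaml
setup.dashboards.enabled: true

setup.kibana:
  host: "https://elk.companyname.net:5601"
  username: "elastic"
  password: "password"
  ssl:
    enabled: true
    # Assumed path (placeholder). PEM file with the certificate Auditbeat
    # should trust: the CA certificate that issued Kibana's certificate,
    # or the Kibana .crt itself as in the last reply. Trusting the issuing
    # CA keeps working when the server certificate is renewed by that CA.
    certificate_authorities: ["/etc/auditbeat/certs/company-ca.crt"]
    # "full" is the default: the chain is validated against the CAs above
    # and the certificate must match the host name in setup.kibana.host.
    verification_mode: full
    # Weak alternative, for contrast only. Traffic is still encrypted, but
    # the server is not authenticated, so a man-in-the-middle can present
    # any certificate and read the credentials above.
    # verification_mode: none
```

Running `auditbeat setup --dashboards` with this configuration loads the dashboards and fails with the same x509 error if the CA file does not match the certificate Kibana presents.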
