Hi All,
We have created a self-signed certificate for Elasticsearch to use Elastic through HTTPS, and all is working well with the self-signed certificate (which is not a trusted certificate).
Now we have got a trusted certificate, and when we try to update to the trusted certificate, our Kibana is not working; it just says Kibana is not ready.
Here are my configurations in elasticsearch.yml
#-------------------------------------TLS/SSL--------------------------------------
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elastic.demo.com_2020.cer
#xpack.security.transport.ssl.key: /etc/elasticsearch/certs/server.key
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elastic.demo.com_2020.cer
#xpack.security.http.ssl.key: /etc/elasticsearch/certs/server.key
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.http.ssl.client_authentication: optional
#xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#
In the above configuration, elastic-certificates.p12 is my self-signed certificate and elastic.demo.com_2020.cer is my authorized certificate.
Configuration in Kibana.yml
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
#server.ssl.keystore.path: "/etc/kibana/certs/elastic-certificates.p12"
#server.ssl.keystore.password: ""
server.ssl.certificate: /etc/kibana/certs/elastic.demo.com_2020.cer
server.ssl.key: /etc/kibana/certs/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
elasticsearch.ssl.truststore.path: "/etc/kibana/certs/elastic-certificates.p12"
elasticsearch.ssl.truststore.password: ""
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
#elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/client-ca.cer
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/elastic.demo.com_2020.cer
elasticsearch.ssl.key: /etc/kibana/certs/server.key
In the above configuration, elastic-certificates.p12 is my self-signed certificate and elastic.demo.com_2020.cer is my authorized certificate.
I have been confused about which certificate to use where; sorry for so many commented-out lines.
Please advise.
Thanks
Gautham
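
Added example, not part of the original post: a small Python check that reads the active (uncommented) TLS settings quoted above, prints which file fills each TLS role, and flags settings whose file does not fit the role. The function names are hypothetical, the sample text is constructed from the post's own lines, and the checks are structural only (the certificate files are never opened).

```python
# Constructed sample input: the active TLS lines quoted from the post above.
ELASTICSEARCH_YML = """\
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
#xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elastic.demo.com_2020.cer
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
"""
KIBANA_YML = """\
server.ssl.certificate: /etc/kibana/certs/elastic.demo.com_2020.cer
server.ssl.key: /etc/kibana/certs/server.key
#elasticsearch.ssl.certificate: /path/to/your/client.crt
elasticsearch.ssl.truststore.path: "/etc/kibana/certs/elastic-certificates.p12"
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/elastic.demo.com_2020.cer
elasticsearch.ssl.key: /etc/kibana/certs/server.key
"""

def active_settings(text):
    """Parse flat 'key: value' lines, ignoring blanks and commented-out settings."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def role_map(es, kb):
    """Name the TLS role each configured file plays (None = not configured)."""
    return {
        "Elasticsearch HTTPS identity": es.get("xpack.security.http.ssl.keystore.path")
        or es.get("xpack.security.http.ssl.certificate"),
        "Kibana browser-facing identity": kb.get("server.ssl.certificate"),
        "Kibana trust for Elasticsearch (PKCS#12)": kb.get("elasticsearch.ssl.truststore.path"),
        "Kibana trust for Elasticsearch (PEM CA)": kb.get("elasticsearch.ssl.certificateAuthorities"),
        "Kibana client identity to Elasticsearch": kb.get("elasticsearch.ssl.certificate"),
    }

def findings(kb):
    """Flag settings whose file does not fit the role the setting plays."""
    out = []
    if "elasticsearch.ssl.key" in kb and "elasticsearch.ssl.certificate" not in kb:
        out.append(("CLIENT_KEY_WITHOUT_CERT", "elasticsearch.ssl.key has no matching elasticsearch.ssl.certificate"))
    ca = kb.get("elasticsearch.ssl.certificateAuthorities")
    if ca and ca == kb.get("server.ssl.certificate"):
        out.append(("CA_IS_SERVER_CERT", "certificateAuthorities names Kibana's own server certificate, not an issuing CA"))
    return out

if __name__ == "__main__":
    es, kb = active_settings(ELASTICSEARCH_YML), active_settings(KIBANA_YML)
    for role, path in role_map(es, kb).items():
        print(f"{role:42} {path}")
    for code, msg in findings(kb):
        print(f"[{code}] {msg}")
```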