Client request error: self signed certificate


(Dreadlocked) #1

Hi, I've got the following configuration

Nginx as reverse proxy for Elasticsearch with basic authentication and a self-signed certificate. I point my Kibana to the reverse proxy: https://192.168.X.X and indicating the elasticsearch.username and elasticsearch.password correctly. Everything seems to work but I got two errors:

First: When I try to use the KIbana Console I obtain the error "Client request error: self signed certificate" and I don't know what attribute I need to change to not verify the certificate.

Second: When I try to use Timelion I get "Timelion: Error: in cell #1: [reduce_search_phase_exception] [reduce]", I already added the "scripts.inline: true" and "scripts.store: true" to the elasticsearch.yml, but this doesn't work.

Can anyone help me?

Thanks!


(Lee Drengenberg) #2

It might help to install your self-signed certs in your local trust store. Are you on Ubuntu? If so, here's some bash commands I use to set up a Ubuntu VM (and I disable IPv6 since my certs don't have it included);

  cp $QADIR/../certs/ca/ca.crt /usr/local/share/ca-certificates/
  cp $QADIR/../certs/elasticsearch/elasticsearch.crt /usr/local/share/ca-certificates/
  cp $QADIR/../certs/kibana/kibana.crt /usr/local/share/ca-certificates/
  update-ca-certificates

  echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
  echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
  echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
  sysctl -p
  cat /proc/sys/net/ipv6/conf/all/disable_ipv6

Redhat/CentOS is a little different directories and commands;

  cp $QADIR/../certs/kibana/kibana.crt /etc/pki/ca-trust/source/anchors/
  sudo update-ca-trust extract

Maybe fixing your first issue will resolve the second issue?

Regards,
Lee


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.