Configuring Kibana with SSL; how to define passphrase for the private key?

I'm going through the steps of configuring Kibana via kibana.yml to use SSL for the accessing clients:

# SSL for outgoing requests from the Kibana Server (PEM formatted)
#ssl_key_file: /path/to/your/server.key
#ssl_cert_file: /path/to/your/server.crt
ssl_cert_file: D:\certs\KibanaCert.crt
ssl_key_file: D:\certs\KibanaCert.pem

How do you specify the passphrase for the private key?

There isn't a way to specify a passphrase. Most people remove the passphrase from their keys using OpenSSL.

openssl rsa -in www.key -out new.key

Yeah, I did that to get it working, but I'm not a fan of it as a long-term solution.

What would you prefer for a long-term solution?

For systems that need to be automatically started without human intervention the options I know about are:

  • Passphraseless SSL Key
  • Store passphrase in config and pass as an argument to TLS server (just as insecure as first scenario)
  • Prompt user for passphrase (doesn't scale and requires human intervention or requires an expect script with passphrase, which is also insecure)

Thoughts?
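
An added example, not part of the original thread and not Kibana's own code: a pre-start check for the passphraseless-key option listed above. It flags a key file that is still passphrase-protected (which, per the answer above, cannot be given a passphrase in the config) or that is readable beyond its owner. The function names and the sample PEM text are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# PEM markers showing that a private key is passphrase-protected.
PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
LEGACY_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,ENCRYPTED", re.MULTILINE)
ANY_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

# Constructed samples: real PEM header syntax, placeholder bodies (no key material).
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"


def check_key_file(path):
    """Return a list of findings for a PEM private key file; empty means OK."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        pem = fh.read()
    findings = []
    if not ANY_PRIVATE_KEY.search(pem):
        findings.append("no PEM private key block found")
    elif PKCS8_ENCRYPTED in pem or LEGACY_ENCRYPTED.search(pem):
        findings.append("key is passphrase-protected; strip it or the server cannot load it")
    # Mode bits only mean something on POSIX; on Windows review the file's ACL instead.
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"mode {mode:o} grants group/other access; use 600 or 400")
    return findings


def demo():
    """Run the check over three constructed key files and return the findings."""
    cases = {"encrypted": (SAMPLE_ENCRYPTED, 0o600),
             "plain_open": (SAMPLE_PLAIN, 0o644),
             "plain_tight": (SAMPLE_PLAIN, 0o600)}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in cases.items():
            path = os.path.join(tmp, name + ".key")
            with open(path, "w", encoding="ascii") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = check_key_file(path)
    return results
```

An unencrypted key is protected only by filesystem access control, so the permission finding is the one that matters once the passphrase is gone.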