Configuring Kibana with SSL; how to define passphrase for the private key?

Jakauppila · June 11, 2015, 1:11pm

I'm going through the steps of configuring Kibana via kibana.yml to use SSL for the accessing clients:

# SSL for outgoing requests from the Kibana Server (PEM formatted)
#ssl_key_file: /path/to/your/server.key
#ssl_cert_file: /path/to/your/server.crt
ssl_cert_file: D:\certs\KibanaCert.crt
ssl_key_file: D:\certs\KibanaCert.pem

How do you specify the passphrase for the private key?

simianhacker · June 17, 2015, 5:28am

There isn't a way to specify a passphrase. Most people remove the passphrase from their keys using OpenSSL.

openssl rsa -in www.key -out new.key

Jakauppila · June 17, 2015, 3:10pm

Yeah, I did that to get it working, but I'm not a fan of it as a long-term solution.

simianhacker · June 17, 2015, 5:08pm

What would you prefer for a long term solution?

For systems that need to be automatically started without human intervention the options I know about are:

Passphraseless SSL Key
Store passphrase in config and pass as an argument to TLS server (just as insecure as first scenario)
Prompt user for passphrase (doesn't scale and requires human intervention or requires an expect script with passphrase; which is also insecure)

Thoughts?

Topic		Replies	Views
Kibana ssl certificate browser-server Kibana	2	996	July 6, 2017
SSL Configuration in Kibana Kibana	7	6435	April 13, 2017
Kibana 7.9 Decrypt .key problem Kibana elastic-stack-security	2	1249	October 8, 2020
Does Kibana support https? Kibana	3	838	November 13, 2017
Kibana TLS settings using "server.ssl.keystore.path" not working Kibana	3	2028	May 13, 2020

Configuring Kibana with SSL; how to define passphrase for the private key?

Related Topics