Hi,
In our company we have a man in the middle firewall/proxy for deep packet inspection with self signed certificates.
For local experiments I want to run the docker-compose.yml
with Elasticsearch and Kibana.
When the Kibana from the docker-compose starts, URLs like https://kibana-knowledge-base-artifacts.elastic.co/?max-keys=1000
will fail because of the self signed certificates of the firewall/proxy. I also think that downloading machine learning models will fail for the same reason.
Can I get this to work without custom docker images?
I tried to configure the ca file of the firewall/proxy in my docker compose.
I do have have the root-ca certificate and intermediate signing-ca certificate files in pem format.
In the docker-compose file I concatenated the generate ca.crt file and the certificate files mentioned into a combined-ca.crt file and adjusted the configuration accordingly.
Everything started fine but still I get errors like:
kibana-1 | 2025-01-27T18:22:17.024980740Z [2025-01-27T18:22:17.023+00:00][ERROR][plugins.taskManager] Task ProductDocBase:EnsureUpToDate "ProductDocBase:EnsureUpToDate" failed: FetchError: request to https://kibana-knowledge-base-artifacts.elastic.co/?max-keys=1000 failed, reason: self-signed certificate in certificate chain
According to the documentation I should be able to configure multiple ca files.
However it is unclear whether that should be space, colon, comma, semicolon or something else separated. Trying all options for both the KIBANA environment variable in the docker-compose file as well as the xpack settings for elasticsearch did not work.