My elastic setup is running into issues after I generated new certs for http encryption using elasticsearch-certutil for http and ca. I followed this documentation as well as documentation from other people Kibana is running for my webserver, but logs return the following:
sudo journalctl -u kibana -f “Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain”
curl -vk manageraddress --cacert /etc/elasticsearch/certs/http_ca.crt [ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain
this is what i currently have in each yml file:
elasticsearch.yml:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12
xpack.security.transport.ssl.truststore.password: "password"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/transport.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/ca.p12
xpack.security.transport.ssl.truststore.password: "password"
kibana.yml
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: "/etc/kibana/http_ca.crt"
elasticsearch.ssl.truststore.path: "/etc/elasticsearch/http.p12"
elasticsearch.ssl.truststore.password: "password"
xpack.encryptedSavedObjects.encryptionKey: "key"
my webserver has this error currently:
Could there be an issue regarding passwords for the certs between servers?