Elasticsearch and Kibana Url says "your connection to this site is not secure "

Chma · October 26, 2022, 10:13pm

I am running elastic 8.4. From the documentation, it says that the security is automatically enabled and configured. But when I get my elasticsearch running and visit https:localhost:9200 I get the message:

Your connection to this site is not secure

This is what my elastic.yml file looks like. Is there something else required from the user to configure security?

# Enable security features
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
node.data : true
network.host : 0.0.0.0
discovery.seed_hosts : []
discovery.type: single-node
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["${ELK_SERVER_IP}"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

Justin_Cranford · October 26, 2022, 11:40pm

Can you try renaming it to elasticsearch.yml?

Justin_Cranford · October 26, 2022, 11:46pm

Auto-configuration only runs the first time elasticsearch is started, and only if no manual configuration was detected.

If you have your original logs, check if there are any messages from auto-configuration. If it runs, you will see things mentioned in Start the Elastic Stack with security enabled automatically | Elasticsearch Guide [8.4] | Elastic. If it detects that any manual configuration was done, it will not run, to avoid overwriting any manual changes.

Chma · October 26, 2022, 11:50pm

there's no manual configuration. The only manual change was resetting the password. Could that be a reason? I also copied http_ca.crt from etc/elasticsearch/certs/http_ca.crt to /etc/logstash/certs

Yang_Wang · October 26, 2022, 11:54pm

I guess you were connecting https://localhost:9200 using a browser.

The message Your connection to this site is not secure means the Browser does not trust the server (Elasticsearch)'s TLS certificate (i.e. certs/http.12). It is expected because the certificate is generated locally and not anchored to any publicly trusted CA.

Bottom line is: Security is enabled and TLS is in action. Otherwise you'll get a completely different error message like " This site can’t provide a secure connection".

Justin_Cranford · October 27, 2022, 12:28am

Yes. Auto-configuration will reset the elastic user password the first time you start up a fresh install. If you manually reset the password, that can be a reason why auto-configuration was skipped.

Try a fresh install in a temporary folder, and run bin/elasticsearch. View the log and see if auto-configuration runs.

Chma · October 27, 2022, 1:14am

@Justin_Cranford I can see this in my logs:

Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.

Justin_Cranford · October 27, 2022, 4:28am

Redirect STDOUT can cause that auto-configuration skip message. Did you redirect STDOUT to a file, or pipe to another process?