Elasticsearch and Kibana Url says "your connection to this site is not secure "

Elastic Stack Elasticsearch
1

I am running elastic 8.4. From the documentation, it says that the security is automatically enabled and configured. But when I get my elasticsearch running and visit https:localhost:9200 I get the message:

Your connection to this site is not secure

This is what my elastic.yml file looks like. Is there something else required from the user to configure security?

# Enable security features
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
node.data : true
network.host : 0.0.0.0
discovery.seed_hosts : []
discovery.type: single-node
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["${ELK_SERVER_IP}"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
1 Like
2

Can you try renaming it to elasticsearch.yml?

3

Auto-configuration only runs the first time elasticsearch is started, and only if no manual configuration was detected.

If you have your original logs, check if there are any messages from auto-configuration. If it runs, you will see things mentioned in Start the Elastic Stack with security enabled automatically | Elasticsearch Guide [8.4] | Elastic. If it detects that any manual configuration was done, it will not run, to avoid overwriting any manual changes.

5

there's no manual configuration. The only manual change was resetting the password. Could that be a reason? I also copied http_ca.crt from etc/elasticsearch/certs/http_ca.crt to /etc/logstash/certs

6

I guess you were connecting https://localhost:9200 using a browser.

The message Your connection to this site is not secure means the Browser does not trust the server (Elasticsearch)'s TLS certificate (i.e. certs/http.12). It is expected because the certificate is generated locally and not anchored to any publicly trusted CA.

Bottom line is: Security is enabled and TLS is in action. Otherwise you'll get a completely different error message like " This site can’t provide a secure connection".

1 Like
7

Yes. Auto-configuration will reset the elastic user password the first time you start up a fresh install. If you manually reset the password, that can be a reason why auto-configuration was skipped.

Try a fresh install in a temporary folder, and run bin/elasticsearch. View the log and see if auto-configuration runs.

8

@Justin_Cranford I can see this in my logs:

Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.
9

Redirect STDOUT can cause that auto-configuration skip message. Did you redirect STDOUT to a file, or pipe to another process?