elasticsearch.ssl.verificationMode is not working in Kibana 8.3.2

Leonardo_Henrique · February 7, 2023, 3:20am

Hello everyone.

I set the ssl configuration for my cluster using the elasticsearch-certutil, but my Kibana is unable to reach https://epr.elastic.co so I can not install any integration since it depends on loading from this repo.

In the logs I can see Error connecting to package registry: request to https://epr.elastic.co/search?experimental=true&kibana.version=8.3.2 failed, reason: self signed certificate in the chain

I tried to disable this verification using elasticsearch.ssl.verificationMode as none but it still give me the same result as before.

What can I do to avoid this error and to be able to install fleet/integrations?

Ayush_Mathur · February 7, 2023, 7:57am

Hello @Leonardo_Henrique , the setting elasticsearch.ssl.verification_mode only set the verification mode to be used for authorization between Kibana and Elasticsearch.
The error you are receiving is while connecting to EPR (Elastic Package Registry) which is essentially required to check and download the latest packages for Fleet.
BY any chance are you running your cluster in air-gapped environment ?

Leonardo_Henrique · February 7, 2023, 10:31am

Not for now, I had to set that up by connecting with the external EPR. I do not know where to go, I tested several things here and nothing worked.

Ayush_Mathur · February 7, 2023, 11:23am

Ok, then most likely your firewall or proxy might be blocking your requests. There is another way to work on this, by setting up the EPS locally (or within your environment).

Please refer: Air-gapped environments | Fleet and Elastic Agent Guide [8.6] | Elastic

Leonardo_Henrique · February 7, 2023, 11:27am

I will give a chance to that, what implications can I have if I choose to host the EPR by myself?

Ayush_Mathur · February 7, 2023, 11:33am

The only constraint would be to keep your registry up-to-date with latest packages yourself/ using some automation, since those will be available only in Elastic EPR.

Leonardo_Henrique · February 7, 2023, 11:37am

I see, a question regarding that. Since I am using the ELK in 8.3.2, I will have to touch in the EPR any time in the future to update that since I do not change my ELK version?

Ayush_Mathur · February 7, 2023, 11:40am

You can use the EPR version corresponding to the stack version you have. The upgrades are essential since with every release more features, functionalities and bug fixes are released, so this should always be part of Continuous Improvement.
For your particular version, you can try using 8.3.3 version of EPR: Air-gapped environments | Fleet and Elastic Agent Guide [8.3] | Elastic

system · March 7, 2023, 11:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana SSL verification Trust Issues Kibana elastic-stack-security	20	6452	February 22, 2023
Self-signed certificate in the chain Kibana elastic-stack-security , fleet	2	1846	March 8, 2023
Fleet Server Intergrations not working on Self Hosted Cluster w/ Self Signed Certs Elastic Agent	2	147	June 5, 2024
Fleet Self Sign Certficiate in Certificate Chain Elastic Agent	1	188	August 30, 2023
Kibana fleet - Error connecting to package registry Kibana fleet	8	9962	January 6, 2021

elasticsearch.ssl.verificationMode is not working in Kibana 8.3.2

Related topics