Encrypting traffic between browser and kibana

https://www.elastic.co/guide/en/kibana/current/configuring-tls.html provides steps to enable encryption between browser and kibana. Following these instructions on a 7.9.2 instance and using a server certificate/private key in PEM format with no password I get the error below. I can't find a step I'm missing or instructions for how to set the required information. Any pointers on what I should be configuring to make this work?

{"type":"log","@timestamp":"2020-09-30T21:14:31Z","tags":["fatal","root"],"pid":514,"message":"{ Error: [config validation of [server].ssl.cert]: definition for this key is missing\n at ObjectType.validate (/opt/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:62:19)\n at ConfigService.validateAtPath (/opt/kibana/src/core/server/config/config_service.js:188:19)\n at MapSubscriber.getDistinctConfig.pipe.config [as project] (/opt/kibana/src/core/server/config/config_service.js:196:81)\n at MapSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/map.js:49:35)\n at MapSubscriber.Subscriber.next (/opt/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at DistinctUntilChangedSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)\n at DistinctUntilChangedSubscriber.Subscriber.next (/opt/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at MapSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/map.js:55:26)\n at MapSubscriber.Subscriber.next (/opt/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at ReplaySubject._subscribe (/opt/kibana/node_modules/rxjs/internal/ReplaySubject.js:76:28)\n at ReplaySubject.Observable._trySubscribe (/opt/kibana/node_modules/rxjs/internal/Observable.js:44:25)\n at ReplaySubject.Subject._trySubscribe (/opt/kibana/node_modules/rxjs/internal/Subject.js:102:51)\n at ReplaySubject.Observable.subscribe (/opt/kibana/node_modules/rxjs/internal/Observable.js:30:22)\n at MapSubscriber.shareReplayOperation (/opt/kibana/node_modules/rxjs/internal/operators/shareReplay.js:45:32)\n at Observable.subscribe (/opt/kibana/node_modules/rxjs/internal/Observable.js:25:31)\n at MapOperator.call (/opt/kibana/node_modules/rxjs/internal/operators/map.js:32:23)\n cause:\n { Error: definition for this key is missing\n at ObjectType.onError (/opt/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:87:20)\n at type.Type.schema.error (/opt/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:52:53)\n at finish (/opt/kibana/node_modules/joi/lib/types/any/index.js:529:50)\n at type._validate (/opt/kibana/node_modules/joi/lib/types/any/index.js:618:24)\n at type._base (/opt/kibana/node_modules/joi/lib/types/object/index.js:212:45)\n at type._validate (/opt/kibana/node_modules/joi/lib/types/any/index.js:614:37)\n at type._validateWithOptions (/opt/kibana/node_modules/joi/lib/types/any/index.js:674:29)\n at module.exports.internals.Any.root.validate (/opt/kibana/node_modules/joi/lib/index.js:146:23)\n at ObjectType.validate (/opt/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:57:72)\n at ConfigService.validateAtPath (/opt/kibana/src/core/server/config/config_service.js:188:19)\n at MapSubscriber.getDistinctConfig.pipe.config [as project] (/opt/kibana/src/core/server/config/config_service.js:196:81)\n at MapSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/map.js:49:35)\n at MapSubscriber.Subscriber.next (/opt/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at DistinctUntilChangedSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)\n at DistinctUntilChangedSubscriber.Subscriber.next (/opt/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at MapSubscriber._next (/opt/kibana/node_modules/rxjs/internal/operators/map.js:55:26) cause: undefined, path: [ 'ssl', 'cert' ] } }"}

@azasypkin / @jportner can I please get some help on this? Thanks!

Error: [config validation of [server].ssl.cert]: definition for this key is missing

Please share your kibana.yml to have a better picture.

Hmm, I believe the correct setting is server.ssl.certificate, not server.ssl.cert. @Joe_Monaco can you double check your config?

Yes, the spelling was the problem. The instructions clearly say server.ssl.certificate, but the comment in the file had server.ssl.cert and I just edited the comment. D'oh. A little unclear in any case.

Thanks!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.