Hi,
I am trying to bind my Enterprise Search instance to my Kibana with SSL.
My Enterprise Search instance works well alone, but Kibana refuses to connect to it :
{"type":"log","@timestamp":"2020-11-16T13:44:55Z","tags":["error","plugins","enterpriseSearch"],"pid":7,"message":"Could not perform access check to Enterprise Search: FetchError: request to https://enterprise_search:3002/api/ent/v2/internal/client_config failed, reason: self signed certificate in certificate chain"}
I generate my certificates with elasticsearch-certutil
and docker-compose :
version: '3.2'
services:
create_certs:
container_name: create_certs
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
command: >
bash -c '
if [[ ! -f /certs/ca.zip ]]; then
# Generating CA certificate
bin/elasticsearch-certutil ca --silent --pem -out /certs/ca.zip;
unzip /certs/ca.zip -d /certs;
fi;
if [[ ! -f /certs/pem.zip ]]; then
# Generating PEM certificates (ElasticSearch nodes and Kibana)
bin/elasticsearch-certutil cert --silent --pem --ca-cert "/certs/ca/ca.crt" --ca-key "/certs/ca/ca.key" --in config/certificates/pem.yml -out /certs/pem.zip;
unzip /certs/pem.zip -d /certs;
fi;
if [[ ! -f /certs/pkcs_12.zip ]]; then
# Generating PKCS#12 certificates (Enterprise Search)
bin/elasticsearch-certutil cert --silent --pass "changeme" --ca-cert "/certs/ca/ca.crt" --ca-key "/certs/ca/ca.key" --in config/certificates/pkcs_12.yml -out /certs/pkcs_12.zip;
unzip /certs/pkcs_12.zip -d /certs;
fi;
'
working_dir: /usr/share/elasticsearch
volumes: ['./certs:/certs', './instances:/usr/share/elasticsearch/config/certificates']
which leads to this directory structure and files (mounted in /usr/share/elasticsearch/config/certificates
) :
And here is my Enterprise Search configuration (env variables) :
JAVA_OPTS: "-Xms2048m -Xmx2048m"
ENT_SEARCH_DEFAULT_PASSWORD: changeme
ent_search.external_url: "https://localhost:3002"
ent_search.auth.source: elasticsearch-native # elasticsearch-based users
ent_search.ssl.enabled: "true"
ent_search.ssl.keystore.path: "/usr/share/elasticsearch/config/certificates/enterprise_search/enterprise_search.p12"
ent_search.ssl.keystore.password: "changeme"
elasticsearch.username: elastic
elasticsearch.password: changeme
elasticsearch.host: "https://es01:9200"
elasticsearch.ssl.enabled: "true"
elasticsearch.ssl.certificate_authority: "/usr/share/elasticsearch/config/certificates/ca/ca.crt"
allow_es_settings_modification: "true"
secret_management.encryption_keys: "[changeme]"
Would you know where the problem comes from ?
Or would there be a way to disable certificate verification from Kibana to EnterpriseSearch ?
Thank you !