Error configuration SSL/TLS on Kibana


(Charaf Ahmed) #1

Hi guys. Sorry if my english is bad; it's not my native language.

I am stuck on a small problem almost 3 days and I do not understand why. In fact, I try to set up TLS between the different modules (E L K).
The configuration of certificate keys at Elasticsearch level has been well established. I can only access port 9200 in HTTPS. I then wanted to configure SSL / TLS at kibana level but I can not do it.

To rebuild, I have the private key and the certficat of kibana in a folder certs. Parreil for elasticsearch.
Here is the kibana.yml configuration file:

Blockquote

server.port: 5601

elasticsearch.url: "https://localhost:9200"

elasticsearch.username: "kibana"
elasticsearch.password: "a4JQly0UwvRfarv2gCuP"

server.ssl.enabled: true
server.ssl.certificate: certs/publicCertKibana.pem
server.ssl.key: certs/privateKeyKibana.pem

elasticsearch.ssl.certificate: /home/Documents/ELK/elasticsearch-6.2.2/config/certs/publicCertElasticsearch.pem
elasticsearch.ssl.key: /home/Documents/ELK/elasticsearch-6.2.2/elasticsearch-6.2.2/privateKeyElasticsearch.pem

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /certs/kibana-certificates.p12
xpack.security.transport.ssl.truststore.path: /certs/kibana-certificates.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /certs/kibana-certificates.p12
xpack.security.http.ssl.truststore.path: /certs/kibana-certificates.p12

Blockquote

Merci de votre aide :!!


(Chris Davies) #2

Hi Charaf,

Your English seems great to me!

Based on the configuration you gave, I'm not sure what the issue is, but I have a hunch. You're connecting to https://localhost:9200, but I doubt your certificates were issued for the domain: localhost. Most likely, they were issued for a specific domain or network address. Do you know how those pem files were generated?

Also, in the future, you shouldn't post any passwords here on the forum! I'd change your elastic password, just to be safe.

Hope that helps!


(Charaf Ahmed) #3

Good note for the confidentiality of my password and I thank you for your answer

For the creation of pem files, I first, generate a file p12 (Containing the certificate and the private key, if I do not say nonsense) for certification atoority, AC following the documentation.

Then, from each ELK module, I then generated the certiificat and the private key based on the CA.

My question is to know the necessary steps to confiigure the file kibana.yml so that I can specify the correct certificates and keys (from Elastiicearch and CA.)


(Charaf Ahmed) #4

I do not understand very well, I have the impression

Am I in X-Pack trial period, can I set up SSL / TLS between different modules (ELK)?


(Chris Davies) #5

I haven't personally tried connecting ELK via https over localhost, so I'm not sure if I'm leading you down the right path, but I suspect the problem is that the certificates you are using aren't trusted.

Here's something that popped up when I searched for this issue:

Hope that helps!


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.