Error configuration SSL/TLS on Kibana

Charaf_Ahmed · May 4, 2018, 1:22pm

Hi guys. Sorry if my english is bad; it's not my native language.

I am stuck on a small problem almost 3 days and I do not understand why. In fact, I try to set up TLS between the different modules (E L K).
The configuration of certificate keys at Elasticsearch level has been well established. I can only access port 9200 in HTTPS. I then wanted to configure SSL / TLS at kibana level but I can not do it.

To rebuild, I have the private key and the certficat of kibana in a folder certs. Parreil for elasticsearch.
Here is the kibana.yml configuration file:

Blockquote

server.port: 5601

elasticsearch.url: "https://localhost:9200"

elasticsearch.username: "kibana"
elasticsearch.password: "a4JQly0UwvRfarv2gCuP"

server.ssl.enabled: true
server.ssl.certificate: certs/publicCertKibana.pem
server.ssl.key: certs/privateKeyKibana.pem

elasticsearch.ssl.certificate: /home/Documents/ELK/elasticsearch-6.2.2/config/certs/publicCertElasticsearch.pem
elasticsearch.ssl.key: /home/Documents/ELK/elasticsearch-6.2.2/elasticsearch-6.2.2/privateKeyElasticsearch.pem

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /certs/kibana-certificates.p12
xpack.security.transport.ssl.truststore.path: /certs/kibana-certificates.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /certs/kibana-certificates.p12
xpack.security.http.ssl.truststore.path: /certs/kibana-certificates.p12

Blockquote

Merci de votre aide :!!

christophilus · May 4, 2018, 7:58pm

Hi Charaf,

Your English seems great to me!

Based on the configuration you gave, I'm not sure what the issue is, but I have a hunch. You're connecting to https://localhost:9200, but I doubt your certificates were issued for the domain: localhost. Most likely, they were issued for a specific domain or network address. Do you know how those pem files were generated?

Also, in the future, you shouldn't post any passwords here on the forum! I'd change your elastic password, just to be safe.

Hope that helps!

Charaf_Ahmed · May 7, 2018, 2:28pm

Good note for the confidentiality of my password and I thank you for your answer

For the creation of pem files, I first, generate a file p12 (Containing the certificate and the private key, if I do not say nonsense) for certification atoority, AC following the documentation.

Then, from each ELK module, I then generated the certiificat and the private key based on the CA.

My question is to know the necessary steps to confiigure the file kibana.yml so that I can specify the correct certificates and keys (from Elastiicearch and CA.)

Charaf_Ahmed · May 7, 2018, 3:09pm

I do not understand very well, I have the impression

Am I in X-Pack trial period, can I set up SSL / TLS between different modules (ELK)?

christophilus · May 8, 2018, 4:04pm

I haven't personally tried connecting ELK via https over localhost, so I'm not sure if I'm leading you down the right path, but I suspect the problem is that the certificates you are using aren't trusted.

Here's something that popped up when I searched for this issue:

Hope that helps!

Topic		Replies	Views
Error in Kibana "xpack => unable to get local issuer certificate" Kibana elastic-stack-security	2	1196	October 19, 2020
Allow SSL/TLS with self-generated ca certs and keys in localhost Kibana elastic-stack-security	5	3753	January 17, 2020
Cannot setup Kibana with SSL Kibana elastic-stack-security	2	244	July 12, 2023
Confused about setting up Kibana with X-Pack Security Elasticsearch elastic-stack-security	16	2393	December 31, 2018
Kibana and ssl Kibana elastic-stack-security	5	899	July 1, 2022

Error configuration SSL/TLS on Kibana

Related topics