Error in Kibana "xpack => unable to get local issuer certificate"

I have a single node server with ES and Kibana hosted on it. I have put them behind an ELB , under a domain name .
Assume :- and
I have enabled http ssl in elasticsearch and copy pasted the pem to kibana but it's not working.
While creating http ssl i typed both domain name to check if that is the cause , but no help leaving it blank or passing it makes not difference
PFB elasticsearch.yml my-application elk-01 x.x.x.x
discovery.seed_hosts: ["elk-01"]
cluster.initial_master_nodes: ["elk-01"] true true certificate elastic-certificates.p12 elastic-certificates.p12
    roles: kibana_system
    authz_exception: false true "/home/elasticsearch/log_services/elasticsearch-7.9.1/config/new_http.p12"

PFB kibana.yml ""
elasticsearch.hosts: [""]
elasticsearch.username: "elastic"
elasticsearch.password: "xxxx" true
xpack.reporting.encryptionKey: "5HLw1U6ot9tU490VivE1rR9ymirksJLM"
xpack.encryptedSavedObjects.encryptionKey: "5HLw1U6ot9tU490VivE1rR9ymirksJLM"
elasticsearch.ssl.certificateAuthorities: "/home/elasticsearch/log_services/kibana-7.9.1-linux-x86_64/config/elasticsearch-new-ca.pem"
logging.dest: /home/elasticsearch/log_services/kibana7/logs/kibana.log

I have followed below links completely to implement this

I am sure that transport certificates are fine as without tls implementation it works well in this dev env and prod as well.
I am using 7.9.1 version of elastic,kibana and agent.

{"type":"log","@timestamp":"2020-09-19T22:55:00Z","tags":["warning","elasticsearch","data"],"pid":5047,"message":"Unable to revive connection:"}
{"type":"log","@timestamp":"2020-09-19T22:55:00Z","tags":["warning","elasticsearch","data"],"pid":5047,"message":"No living connections"}

What sort of ELB did you use?

If it's an Application Load Balancer, then it will terminate the TLS connection and the certificate you need to configure in Kibana is the one that ELB is using, not the one that Elasticsearch is configured to use.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.