Error shows "Kibana server is not ready yet" after TLS configuration

Shoaib_Hasan · October 23, 2021, 6:29am

I did not facing any issue when configured below code:

xpack.license.self_generated.type: basic
xpack.monitoring.collection.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.monitoring.elasticsearch.collection.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

But when i enable below code in Elasticsearch then shows in the browser "Kibana server is not ready yet" when I hit URL(192.168.0.171:5601)

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12

Also share kibana server logs:

{"type":"log","@timestamp":"2021-10-23T12:08:09+06:00","tags":["warning","plugins","security","config"],"pid":72174,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
{"type":"log","@timestamp":"2021-10-23T12:08:09+06:00","tags":["warning","plugins","reporting","config"],"pid":72174,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 7.9 OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2021-10-23T12:08:09+06:00","tags":["info","plugins","monitoring","monitoring"],"pid":72174,"message":"config sourced from: production cluster"}
{"type":"log","@timestamp":"2021-10-23T12:08:10+06:00","tags":["info","savedobjects-service"],"pid":72174,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2021-10-23T12:08:10+06:00","tags":["error","savedobjects-service"],"pid":72174,"message":"Unable to retrieve version information from Elasticsearch nodes."}

Kibana server not started properly. How could I solve this problem.
Have any idea please help me.

stephenb · October 23, 2021, 2:24pm

Hi @Shoaib_Hasan Welcome to the community. You're almost there...

Did you copy over the Elasticsearch CA and set it in the kibana.yml? Otherwise the http.p12 cert you setup in Elasticsearch.yml will not be recognized / validated by Kibana

In the kibana.yml

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: /etc/kibana/elasticsearch-ca.pem

I have a complete walkthrough how to set up all this here

github.com

bvader/howtos/blob/master/basic-security-elasticsearch/README.md


## Single Node Secured Elasticsearch + Kibana with Elastic generated self signed certs (updated)

#### NOTE / DISCLAIMER: **This configuration should only be used for Dev / POC purposes this is NOT suitable for production use.**

For Further Details Please Refer to the Official Documentation: [Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html) and [Kibana](https://www.elastic.co/guide/en/kibana/current/index.html)

### What we are doing?

This is simple / minimal quickstart to create a single Elasticsearch node and Kibana with basic authentication and SSL/TLS enabled (we will enable SSL for both HTTPS and Transport layer even though it is just a single node). This is a condensed / direct path to the Basic Security + HTTPs shown in the diagram [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html) and described [Configure security for the Elastic Stack](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html#security-basic-https-overview). We will then be able to bind the Elasticsearch and Kibana to the network so it can be safely reached from another system.  
**Do NOT bind your Elasticsearch node or cluster to the network unless you secure your cluster and Kibana FIRST!** 

![Elastic Securty Layers](https://www.elastic.co/guide/en/elasticsearch/reference/current/images/elastic-security-overview.png)

**Notes:** 
* This example is using Elastic Stack 7.15.1 and Ubuntu 20.04 LTS using a Deb Package
* We are colocating Elasticsearch and Kibana for Dev / POC only for POC / Dev only
* Many of these commands / directores require `root` access so either be prepared to `sudo` most of the commands or just do a `sudo -i` for the duration of the session... your choice...
* There are many important settings for Elasticsearch that are not in the example please review them [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html) before moving on from POC / Dev mode
* All the IP Adresses are just examples and are not to be taken literally.

This file has been truncated. show original

system · November 20, 2021, 2:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana "server is not ready yet" after enabling Basic Security on Elasticsearch cluster Kibana elastic-stack-security , docker	4	1529	August 21, 2021
After enabling xpack.security.enabled: true in elasticsearch kibana url is saying kibana server is not ready Kibana elastic-stack-monitoring , elastic-stack-security	7	4226	October 21, 2020
Kibana server is not ready yet Kibana	8	868	August 5, 2021
Why Kibana server is not ready yet Kibana elastic-stack-security	2	10972	December 17, 2020
Kibana server is not ready yet Kibana elastic-stack-security	6	1075	November 20, 2021

Error shows "Kibana server is not ready yet" after TLS configuration

Related topics