How do i self sign kibana certs

I am working on configuring SSL for ES cluster and I am at the step to enable SSL for Kibana (https://www.elastic.co/guide/en/kibana/7.8/configuring-tls.html).

bin/elasticsearch-certutil csr -name kibana-server -dns some-website.com,www.some-website.com

created 2 files: kibana-server.key and kibana-server.csr

How do I self-sign kibana-server.csr?

If you want to sign your own certificates then you don't want to generate a CSR.
You should use the cert option to certutil instead.

ok, with cert option, i get client.p12 self-signed cert, how do I get the following:
kibana.yml

server.ssl.key:

server.ssl.certificate: <new client cert>

@TimV -- I passed that point, by setting following in kibana.yml

elasticsearch.ssl.certificateAuthorities
server.ssl.truststore.path
server.ssl.keystore.path

but, I am not able to connect:

curl -sk -vvv "https://elb:5601/kibana/"
*   Trying *******...
* TCP_NODELAY set
* Connected to elb (*****) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elb:5601
* stopped the pause stream!
* Closing connection 0

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.