sb116
(Subroto)
July 16, 2020, 8:30pm
1
I am working on configuring SSL for ES cluster and I am at the step to enable SSL for Kibana (https://www.elastic.co/guide/en/kibana/7.8/configuring-tls.html ).
bin/elasticsearch-certutil csr -name kibana-server -dns some-website.com,www.some-website.com
created 2 files: kibana-server.key and kibana-server.csr
How do I self-sign kibana-server.csr?
TimV
(Tim Vernum)
July 17, 2020, 10:50am
2
If you want to sign your own certificates then you don't want to generate a CSR.
You should use the cert
option to certutil instead.
sb116
(Subroto)
July 20, 2020, 6:52pm
3
ok, with cert option, i get client.p12 self-signed cert, how do I get the following:
kibana.yml
server.ssl.key:
server.ssl.certificate: <new client cert>
sb116
(Subroto)
July 20, 2020, 7:17pm
4
@TimV -- I passed that point, by setting following in kibana.yml
elasticsearch.ssl.certificateAuthorities
server.ssl.truststore.path
server.ssl.keystore.path
but, I am not able to connect:
curl -sk -vvv "https://elb:5601/kibana/"
* Trying *******...
* TCP_NODELAY set
* Connected to elb (*****) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elb:5601
* stopped the pause stream!
* Closing connection 0
system
(system)
Closed
August 17, 2020, 7:17pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.