I am working on configuring SSL for ES cluster and I am at the step to enable SSL for Kibana (https://www.elastic.co/guide/en/kibana/7.8/configuring-tls.html).
bin/elasticsearch-certutil csr -name kibana-server -dns some-website.com,www.some-website.com
created 2 files: kibana-server.key and kibana-server.csr
How do I self-sign kibana-server.csr?
If you want to sign your own certificates then you don't want to generate a CSR.
You should use the cert option to certutil instead.
ok, with cert option, i get client.p12 self-signed cert, how do I get the following:
kibana.yml
server.ssl.key:
server.ssl.certificate: <new client cert>
@TimV -- I passed that point, by setting following in kibana.yml
elasticsearch.ssl.certificateAuthorities
server.ssl.truststore.path
server.ssl.keystore.path
but, I am not able to connect:
curl -sk -vvv "https://elb:5601/kibana/"
* Trying *******...
* TCP_NODELAY set
* Connected to elb (*****) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elb:5601
* stopped the pause stream!
* Closing connection 0
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.