How to generate certificate to enable alerting in Kibana?

elasticheart · November 17, 2020, 10:07am

Hi,

As documented here, I understand that there are 3 main steps / prerequisites to enable alerting in Kibana;

I have a 3 node cluster. I generated elastic-stack-ca.p12 in one node, gave pass phrase, and copied it to all other nodes. Then I generated elastic-certificates.p12 in every node using the other elastic-stack-ca.p12 file. Then I copied elastic-stack-ca.p12 to config directory and created a certs inside that for elastic-certificates.p12. I believe I have completed step 1.

For step 2, I gave the below configurations in kibana.yml

elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"

I started kibana, and presented the login page, and the credentials works just fine. Now, as per the documentation, i was doing step 2, to Enable TLS on the HTTP layer in Elasticsearch . Now I have one Kibana node and 3 elasticsearch nodes. What all steps do I need to perform to generate certificates to integrate it with Kibana, so that I can proceed with alerting?

If any information is missing, I can provide it.

Thanks.

jportner · November 19, 2020, 8:53pm

Actually, since you already generated certificates to encrypt communications between your cluster nodes on the transport layer, you can use the same certificates on the HTTP layer!

In each of your cluster nodes, add this to your elasticsearch.yml:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/path/to/elastic-certificates.p12"
xpack.security.http.ssl.keystore.password: "your keystore password"

Then, you need to extract the CA certificate so Kibana knows it can trust these server certificates. Run this command:

openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -out elasticsearch-ca.pem

Copy that PEM file over to your Kibana server, and add this to your kibana.yml:

elasticsearch.ssl.certificateAuthorities: ["/path/to/elasticsearch-ca.pem"]

Edit: as per the docs: API Keys | Kibana Guide [master] | Elastic

The Elasticsearch API key service is automatically enabled when you configure TLS on the HTTP interface. This ensures that clients are unable to send API keys in clear-text.

So you don't need to take any additional steps to enable the API key service once you've enabled TLS on the HTTP layer.

elasticheart · November 20, 2020, 5:06am

Thank you so much @jportner for sparing your valuable time in helping me

jportner · November 20, 2020, 3:08pm

You're very welcome!

system · December 18, 2020, 3:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Enable Alerts and Actions Kibana elastic-stack-security , elastic-stack-alerting	17	2544	March 10, 2021
Setting for alerts in elk Kibana	2	204	June 29, 2021
TLS Between Elastic & Kibana…Alerts Not Working Kibana elastic-stack-security , elastic-stack-alerting	13	2690	May 7, 2021
TSL configuration Kibana elastic-stack-security , elastic-stack-alerting	3	320	December 6, 2021
Setting for alerts in elk Kibana	3	222	June 29, 2021

How to generate certificate to enable alerting in Kibana?

Related Topics