My elasticsearch.yml configuration
xpack.security.http.ssl:
enabled: true
keystore.path: certs/certificates.p12
Bellow procedure has been followed to create certificate.p12
> cat private-key.key certificate.crt > cert_and_key.pem
> openssl pkcs12 -export -in cert_and_key.pem -out certificates.p12
Bellow command works fine to test the SSL certificate to Elasticsearch
curl --cacert /etc/elasticsearch/certs/certificate.crt -u elastic:+NP2Lg47d42NE https://drsite.mydomain.co.uk:9200
So here we have 3 files which has been signed by Alphassl .
certificate.crt
private-key.key
alphasslrootcabundle.crt
So I converted alphasslrootcabundle.crt to pem by using
openssl x509 -in alphasslrootcabundle.crt -out alphasslrootcabundle.crt.pem -outform PEM
bellow is my kibana.yml configuration
**# =================== System: Elasticsearch (Optional) ===================**
**# These files are used to verify the identity of Kibana to Elasticsearch and are required when**
**# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.**
**elasticsearch.ssl.certificate: /etc/kibana/certs/certficate.crt**
**elasticsearch.ssl.key: /etc/kibana/certs/private-key.key**
**# Enables you to specify a path to the PEM file for the certificate**
**# authority for your Elasticsearch instance.**
**elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/alphasslrootcabundle.pem**
But still getting bellow errror
Oct 14 22:15:21 drsite kibana[92231]: [2023-10-14T22:15:20.999+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate
I need a help to understand which certificate files i should use in which locaiton in kibana to avoid that error
Thanks for the help