How to set SSL certificate and key in kibana.yml?


(Li Jessen) #1

in Kibana.yml, there are:
#Optional settings that provide the paths to the PEM-format SSL certificate and key files.
#These files validate that your Elasticsearch backend uses the same key files.
elasticsearch.ssl.certificate:
elasticsearch.ssl.key:

  1. What does " validate that your Elasticsearch backend uses the same key files." mean? Does it mean the certificate and key to be set there are the same as the ones used for elasticsearch node?

  2. It said that "Optional settings". Then when must we set it?


(Jon Budzenski) #2

Are you looking to serve kibana over https or pass a certificate and key to elasticsearch? The comment is referring to passing certificates along with each request to elasticsearch, and elasticsearch is configured to only accept requests that have these certificates. It's not a common workflow until we support full PKI - https://github.com/elastic/kibana/issues/7341.

Is it possible we want server.ssl.certificate/server.ssl.key?


(Li Jessen) #3

So you mean that normally we don't need to do this?


(Li Jessen) #4

Yes, I tried, it is not necessary.