Sorry about my bad English. I'm config https following the guide:
I generated a server certificate and private key for Kibana:
./bin/elasticsearch-certutil csr -name kibana-server MY_IP_SERVER
Kibana setting is:
I got the error:
kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2021-10-22 10:31:39 +07; 1min 5s ago
Process: 6171 ExecStart=/usr/share/kibana/bin/kibana --logging.dest="/var/log/kibana/kibana.log" --pid.file="/run/kibana/kibana.pid" (code=exited, status=1/FAILURE)
Main PID: 6171 (code=exited, status=1/FAILURE)
Oct 22 10:31:36 centos-elk systemd: kibana.service: main process exited, code=exited, status=1/FAILURE
Oct 22 10:31:36 centos-elk systemd: Unit kibana.service entered failed state.
Oct 22 10:31:36 centos-elk systemd: kibana.service failed.
Oct 22 10:31:39 centos-elk systemd: kibana.service holdoff time over, scheduling restart.
Oct 22 10:31:39 centos-elk systemd: Stopped Kibana.
Oct 22 10:31:39 centos-elk systemd: start request repeated too quickly for kibana.service
Oct 22 10:31:39 centos-elk systemd: Failed to start Kibana.
Oct 22 10:31:39 centos-elk systemd: Unit kibana.service entered failed state.
Oct 22 10:31:39 centos-elk systemd: kibana.service failed.
Please help me, thank you!
Welcome to our community!
Can you please check the Kibana logs under
/var/log/kibana/kibana.log as it will contain more information on what is happening.
That does not create a cert that creates a CSR a certificate signing request which you send to a certificate authority like Let's Encrypt create and actual certificate.
The following instructions create a Certificate Signing Request (CSR) for Kibana. A CSR contains information that a CA uses to generate and sign a security certificate
kibana-server.csr certificate signing request to your internal CA or trusted CA for signing to obtain a signed certificate. The signed file can be in different formats, such as a
.crt file like
So that's not going to work.
You need to create a cert with the cert util you need to use the
cert mode not
csr mode see
I have an example here If you are putting both Elasticsearch and Kibana on the same host.
This file has been truncated.
## Single Node Secured Elasticsearch + Kibana with Elastic generated self signed certs (updated)
#### NOTE / DISCLAIMER: **This configuration should only be used for Dev / POC purposes this is NOT suitable for production use.**
For Further Details Please Refer to the Official Documentation: [Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html) and [Kibana](https://www.elastic.co/guide/en/kibana/current/index.html)
### What we are doing?
This is simple / minimal quickstart to create a single Elasticsearch node and Kibana with basic authentication and SSL/TLS enabled (we will enable SSL for both HTTPS and Transport layer even though it is just a single node). This is a condensed / direct path to the Basic Security + HTTPs shown in the diagram [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html) and described [Configure security for the Elastic Stack](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html#security-basic-https-overview). We will then be able to bind the Elasticsearch and Kibana to the network so it can be safely reached from another system.
**Do NOT bind your Elasticsearch node or cluster to the network unless you secure your cluster and Kibana FIRST!**
![Elastic Securty Layers](https://www.elastic.co/guide/en/elasticsearch/reference/current/images/elastic-security-overview.png)
* This example is using Elastic Stack 7.15.1 and Ubuntu 20.04 LTS using a Deb Package, if you use another method such as the tar.gz you will need to adjust the paths.
* We are colocating Elasticsearch and Kibana for POC / Dev purposes only.
* Many of these commands / directores require `root` access so either be prepared to `sudo` most of the commands or just do a `sudo -i` for the duration of the session... your choice...
* There are many important settings for Elasticsearch that are not in the example please review them [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html) before moving on from POC / Dev mode
* All the IP Adresses are just examples and are not to be taken literally.
@stephenb, it worked. I generated certificates:
openssl pkcs12 -in elastic-certificates.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in elastic-certificates.p12 -out newfile.key.pem -nocerts -nodes
And config in kibana.yml:
Everything is okie. Thank you again!
I have a problem with email connector. I read the guide
But I am not clear with the guide. I don't where to config email connector (maybe kibana.yml). How can I create Gmail connector to send mail when have a alert?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.