How to setup https for kibana?

Elastic Stack Kibana
1

Hi all,
Sorry about my bad English. I'm config https following the guide:

I generated a server certificate and private key for Kibana:

./bin/elasticsearch-certutil csr -name kibana-server MY_IP_SERVER

Kibana setting is:

server.host: "0.0.0.0"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.csr
server.ssl.key: /etc/kibana/kibana-server.key

I got the error:

 kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2021-10-22 10:31:39 +07; 1min 5s ago
     Docs: https://www.elastic.co
  Process: 6171 ExecStart=/usr/share/kibana/bin/kibana --logging.dest="/var/log/kibana/kibana.log" --pid.file="/run/kibana/kibana.pid" (code=exited, status=1/FAILURE)
 Main PID: 6171 (code=exited, status=1/FAILURE)

Oct 22 10:31:36 centos-elk systemd[1]: kibana.service: main process exited, code=exited, status=1/FAILURE
Oct 22 10:31:36 centos-elk systemd[1]: Unit kibana.service entered failed state.
Oct 22 10:31:36 centos-elk systemd[1]: kibana.service failed.
Oct 22 10:31:39 centos-elk systemd[1]: kibana.service holdoff time over, scheduling restart.
Oct 22 10:31:39 centos-elk systemd[1]: Stopped Kibana.
Oct 22 10:31:39 centos-elk systemd[1]: start request repeated too quickly for kibana.service
Oct 22 10:31:39 centos-elk systemd[1]: Failed to start Kibana.
Oct 22 10:31:39 centos-elk systemd[1]: Unit kibana.service entered failed state.
Oct 22 10:31:39 centos-elk systemd[1]: kibana.service failed.

Please help me, thank you!

2

Welcome to our community! :smiley:

Can you please check the Kibana logs under /var/log/kibana/kibana.log as it will contain more information on what is happening.

1 Like
3

That does not create a cert that creates a CSR a certificate signing request which you send to a certificate authority like Let's Encrypt create and actual certificate.

The following instructions create a Certificate Signing Request (CSR) for Kibana. A CSR contains information that a CA uses to generate and sign a security certificate

  1. Send the kibana-server.csr certificate signing request to your internal CA or trusted CA for signing to obtain a signed certificate. The signed file can be in different formats, such as a .crt file like kibana-server.crt .

So that's not going to work.

You need to create a cert with the cert util you need to use the cert mode not csr mode see here

I have an example here If you are putting both elasticsearch and Kibana on the same host.

https://github.com/bvader/howtos/blob/master/basic-security-elasticsearch/README.md

1 Like
4

Thank you @stephenb, it worked. I generated certificates:

cd /etc/elasticsearch/
openssl pkcs12 -in elastic-certificates.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in elastic-certificates.p12 -out newfile.key.pem -nocerts -nodes

And config in kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/newfile.crt.pem
server.ssl.key: /etc/kibana/newfile.key.pem
elasticsearch.ssl.verificationMode: none

Everything is okie. Thank you again!

2 Likes
5

Hello @stephenb,
I have a problem with email connector. I read the guide

But I am not clear with the guide. I don't where to config email connector (maybe kibana.yml). How can I create Gmail connector to send mail when have a alert?
Thank you!

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.