KIbana 7.6.2 with SSL

I am trying to enable SSL in Kibana ... and I am getting:

Error: 139959624402752:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48

I created private key and CSR with:

bin/elasticsearch-certutil csr -name kibana-server -dns kibana-dev.xxx.com

My cert is hosted in Cloudflare ... so I am signing the CSR there.

this is my kibana config:

server.ssl.enabled: true
server.ssl.certificate: /opt/kibana-7.6.2-linux-x86_64/config/gen-with-es/kibana-server.crt
server.ssl.key: /opt/kibana-7.6.2-linux-x86_64/config/gen-with-es/kibana-server.key

I tried also add CA root as cloud flare suggest here

elasticsearch.ssl.certificateAuthorities: "/opt/kibana-7.6.2-linux-x86_64/config/origin_ca_rsa_root.pem"

any thoughts ?

The ssl error should not be a problem. What is the error when trying to access from the browser or via curl?

Also, the elasticsearch.ssl* settings are related to the connection of Kibana to Elasticsearch.
The elasticsearch.ssl.certificateAuthorities is required to trust the connections to Elasticsearch from the Kibana server.

The settings server.ssl.* are to enable SSL on the Kibana server when connecting from the browser.

Can you try:

curl -vvvv https://kibanahost:kibanaport -u elastic:yourpassword --cacert theCaCertUsedForKibanaCerts.crt

Then the same command with the parameter -k and post the output (hide sensible data).

just found it !

Cloudfare Orgin Certificates only works with proxied connections ! And proxy was disabled ...

thank you for you response @Luca_Belluccini

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.