KIBANA and ELASTICSEARCH 8.9X not working either SELFSIGNED or Custom SSL certs over WebBrowser

Elastic Stack Kibana
, , ,
1

Hi Team we were implemented Elasticsearch and KIBANA 8.9 over Single UBUNTU 20.4 VM. The service runs internally (locally over VM) but unable to resolved over WEB BROWSER unable to execute /resolve the domain.

Tested Below:

  • Tested over SelfCertificates(Elasticsearch)
    Even after Custom Certificates also Same outputs?
curl -u elastic:zGsxbO+5gNHw6EmdcTp5 -vvv https://kibana.uat.XXX:5601/ --cacert /etc/elasticsearch/certs/ca/ca.crt
*   Trying 34.143.132.73:5601...
* TCP_NODELAY set
* Connected to kibana.uat.XXX (34.143.132.73) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/elasticsearch/certs/ca/ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=kibana
*  start date: Aug  5 07:21:57 2023 GMT
*  expire date: Aug  4 07:21:57 2026 GMT
*  subjectAltName: host "kibana.uat.XXX" matched cert's "kibana.uat.XXX."
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: kibana.uat.XXX:5601
> Authorization: Basic ZWxhc3RpYzp6R3N4Yk8rNWdOSHc2RW1kY1RwNQ==
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< location: /spaces/enter
< x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
< permissions-policy: camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=()
< cross-origin-opener-policy: same-origin
< content-security-policy: script-src 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
< kbn-name: elk-uat-v89
< kbn-license-sig: 2ec1029e58cb82ff80f58908cba75b791b17af3affa0a7ce706d9472a13196c6
< cache-control: private, no-cache, no-store, must-revalidate
< content-length: 0
< Date: Mon, 07 Aug 2023 06:55:32 GMT
< Connection: keep-alive
< Keep-Alive: timeout=120
<
* Connection #0 to host kibana.uat.XXX left intact

ES:

curl -u elastic:zGsxbO+5gNHw6EmdcTp5 -vvv https://kibana.uat.XXX:5601/ --cacert /etc/elasticsearch/certs/ca/ca.crt
*   Trying 34.143.132.73:5601...
* TCP_NODELAY set
* Connected to kibana.uat.XXX (34.143.132.73) port 5601 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/elasticsearch/certs/ca/ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=kibana
*  start date: Aug  5 07:21:57 2023 GMT
*  expire date: Aug  4 07:21:57 2026 GMT
*  subjectAltName: host "kibana.uat.XXX" matched cert's "kibana.uat.XXX"
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: kibana.uat.XXX:5601
> Authorization: Basic ZWxhc3RpYzp6R3N4Yk8rNWdOSHc2RW1kY1RwNQ==
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< location: /spaces/enter
< x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
< permissions-policy: camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=()
< cross-origin-opener-policy: same-origin
< content-security-policy: script-src 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
< kbn-name: elk-uat-v89
< kbn-license-sig: 2ec1029e58cb82ff80f58908cba75b791b17af3affa0a7ce706d9472a13196c6
< cache-control: private, no-cache, no-store, must-revalidate
< content-length: 0
< Date: Mon, 07 Aug 2023 06:55:32 GMT
< Connection: keep-alive
< Keep-Alive: timeout=120
<
* Connection #0 to host kibana.uat.XXX left intact
root@elk-uat-v89:/etc/kibana# curl -u elastic:zGsxbO+5gNHw6EmdcTp5 -vvv https://elasticsearch.uat.XXX:9200/ --cacert /etc/elasticsearch/certs/ca/ca.crt
*   Trying 10.67.0.36:9200...
* TCP_NODELAY set
* Connected to elasticsearch.uat.XXX(10.67.0.36) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/elasticsearch/certs/ca/ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=elastic
*  start date: Aug  5 06:40:54 2023 GMT
*  expire date: Aug  4 06:40:54 2026 GMT
*  subjectAltName: host "elasticsearch.uat.XXX" matched cert's "elasticsearch.uat.XXX"
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: elasticsearch.uat.XXX:9200
> Authorization: Basic ZWxhc3RpYzp6R3N4Yk8rNWdOSHc2RW1kY1RwNQ==
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 530
<
{
  "name" : "elk-uat-v89",
  "cluster_name" : "uat-elk89",
  "cluster_uuid" : "1Z3pBBJrS-Cp_CA_yXBtrg",
  "version" : {
    "number" : "8.9.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d",
    "build_date" : "2023-07-19T14:43:58.555259655Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host elasticsearch.uat.XXX left intact
  • List item
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.