Kibana can't startup successfully after enable ssl and xpack in elasticsearch6.7.1

sunweiconfidence · April 20, 2019, 1:39pm

my configuration for kibana is below:
server.port: 5601
server.host: "0.0.0.0"
server.name: "MyPc1"
elasticsearch.hosts: ["https://MyPc1:9500"]
kibana.index: ".kibana"
kibana.defaultAppId: "discover"
elasticsearch.username: "elastic"
elasticsearch.password: "pass1234"
server.ssl.enabled: true
elasticsearch.ssl.ca: "C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.crt"
server.ssl.key: "C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.key"
server.ssl.certificate: "C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.crt"
elasticsearch.ssl.certificateAuthorities: ["C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.pem"]
elasticsearch.ssl.verificationMode: 'certificate'
elasticsearch.requestTimeout: 1000000
i18n.locale: "en"
indent preformatted text by 4 spaces
xpack.security.enabled: false
xpack.security.audit.enabled: false
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["https://MyPc1:9500"]
xpack.monitoring.elasticsearch.ssl.verificationMode: "certificate"
xpack.monitoring.elasticsearch.ssl.certificateAuthorities: [ "C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.pem" ]
xpack.security.encryptionKey: "aaaabbbbccccddddeeeeffffgggghhhh"
xpack.reporting.encryptionKey: "aaaaaaaabbbbbbbbccccccccdddddddd"


I enable ssl in elasticsearch6.7.1, and configure xpack in elasticsearch.yml, xpack i use clause to active trial version,still meet with below error when run kibana.bat in kibana bin folder:
["error","elasticsearch","data"],"pid":4780,"message":"Request error, retrying\nGET https://sunwei:9500/_xpack => self signed certificate in certificate chain"}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["warning","elasticsearch","data"],"pid":4780,"message":"Unable to revive connection: https://sunwei:9500/"}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["warning","elasticsearch","data"],"pid":4780,"message":"No living connections"}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["license","warning","xpack"],"pid":4780,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections"}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["status","plugin:xpack_main@6.7.1","error"],"pid":4780,"state":"red","message":"Status changed from red to red - No Living connections","prevState":"red","prevMsg":"Unable to connect to Elasticsearch."}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["status","plugin:graph@6.7.1","error"],"pid":4780,"state":"red","message":"Status changed from red to red - No Living connections","prevState":"red","prevMsg":"Unable to connect to Elasticsearch."}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["status","plugin:spaces@6.7.1","error"],"pid":4780,"state":"red","message":"Status changed from red to red - No Living connections","prevState":"red","prevMsg":"Unable to connect to Elasticsearch."}
{"type":"log","@timestamp":"2019-04-20T13:19:30Z","tags":["status","plugin:searchprofiler@6.7.1","error"],"pid":4780,"state":"red","message":"Status changed from red to red - No Living connections","prevState":"red","prevMsg":"Unable to connect to Elasticsearch."}[quote="sunweiconfidence, post:1, topic:177716, full:true"]
indent preformatted text by 4 spaces

ikakavas · April 20, 2019, 3:17pm

Can you please reformat your post using the </> button or ``` to format the logs and configuration snippets? It is really hard to read through this as it is now. You can use the preview panel on the right to make sure it looks ok

sunweiconfidence · April 20, 2019, 3:36pm

has format text

Christian_Dahlqvist · April 21, 2019, 5:53am

What does your Elasticsearch config look like?

sunweiconfidence · April 21, 2019, 1:06pm

hi,
below is my configuration for elasticsearch:
cluster.name: mynewes671
node.name: MyPc1

network.host: MyPc1
http.port: 9500
transport.tcp.port: 9501

#action.destructive_requires_name: true
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.type: security4

xpack.security.enabled: true

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "certs/MyPc1.p12"
xpack.security.http.ssl.truststore.path: "certs/MyPc1.p12"

xpack.security.http.ssl.supported_protocols: TLSv1.2
xpack.monitoring.exporters:
id1:
type: http
host: ["http://MyPc1:9500"]
auth.username: elastic
auth.password: pass1234

xpack.security.audit.enabled: true
xpack.monitoring.enabled: true
xpack.monitoring.collection.cluster.stats.timeout: 30m
xpack.monitoring.collection.index.stats.timeout: 30m
xpack.monitoring.collection.index.recovery.active_only: true
xpack.monitoring.collection.index.recovery.timeout: 30m
xpack.monitoring.history.duration: 3650d
indent preformatted text by 4 spaces

ikakavas · April 22, 2019, 10:02am

Please take the extra few minutes every time you post to format your posts. You make it difficult for people that might want to try and help you to get to understand what the issue might be.

What is the relation between C:/ELK/kibana-6.7.1-windows-x86_64/config/certs/MyPc1.pem and certs/MyPc1.p12 ? Have you exported the pem file from the PKCS#12 container ? And if so, what was the command that you used to do it ?

Can you also share the relevant part of your elasticsearch.log ?

system · May 20, 2019, 10:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.