I'm trying to stablish an https connection between Kibana and Enterprise Search, but I'm having this error:
"Could not perform access check to Enterprise Search: FetchError: request to api/ent/v2/internal/client_config failed, reason: unable to get local issuer certificate".
I've found some similar issues here, but could not find a workable solution for my case
With ssl disabled, it works fine, but I really need ssl enabled. Here is part of the docker-compose configs.
Stack version: 8.5.0
elasticsearch:
container_name: elasticsearch
environment:
- node.name=elasticsearch
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=elasticsearch
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/privkey.pem
- xpack.security.http.ssl.certificate=certs/fullchain.pem
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/privkey.pem
- xpack.security.transport.ssl.certificate=certs/fullchain.pem
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
kibana:
container_name: kibana
environment:
- SERVERNAME=myhost
- SERVER_SSL_ENABLED=true
- SERVER_SSL_CERTIFICATE=/usr/share/elasticsearch/config/certs/fullchain.pem
- SERVER_SSL_KEY=/usr/share/elasticsearch/config/certs/privkey.pem
- SERVER_PUBLICBASEURL=https://myhost:5601
- ELASTICSEARCH_HOSTS=https://myhost:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_ENABLED=true
- ENTERPRISESEARCH_HOST=https://myip:3002
- XPACK_SECURITY_ENCRYPTIONKEY=*************
- XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=*************
- XPACK_REPORTING_ENCRYPTIONKEY=*************
- XPACK_REPORTING_KIBANASERVER_HOSTNAME=myhost
enterprisesearch:
environment:
- SERVERNAME=myhost
- secret_management.encryption_keys=[encryption_keys]
- allow_es_settings_modification=true
- elasticsearch.host=https://myhost:9200
- elasticsearch.username=elastic
- elasticsearch.password=${ELASTIC_PASSWORD}
- elasticsearch.ssl.enabled=true
- kibana.external_url=https://myhost:5601
- kibana.host=https://myhost:5601
- kibana.startup_retry.enabled=true
- kibana.startup_retry.interval=5
- kibana.startup_retry.fail_after=60
- ent_search.ssl.enabled=true
- ent_search.external_url=https://myip:
- ent_search.ssl.keystore.path=/usr/share/enterprise-search/cacert/keystore.jks
- ent_search.ssl.keystore.password=KEYSTORE_PASSWORD
- ent_search.ssl.keystore.key_password=KEYSTORE_PASSWORD
- ent_search.listen_port=3002
volumes:
enterprisesearchdata:
esdata:
kibanadata: