{"type":"log","@timestamp":"2020-12-08T08:52:46Z","tags":["error","plugins","ingestManager"],"pid":54293,"message":"Error connecting to package registry: request to https://epr.elastic.co/search?package=system&internal=true&experimental=true&kibana.version=7.10.0 failed, reason: self signed certificate in certificate chain"}
All my certs are signed by my company PKI and I'm also using a RootCA obtained directly from PKI.
SSL is working great, everything is green and it's showing certification path as it should via my browser + elasticsearch and kibana internal communication is also via SSL.
If I copy this EPR address directly into my browser it is working fine. I can also download from it via my machine (using wget for example).
@Zerobot Does the server that is running Kibana have those same files? Because that error is from the Kibana server itself reaching out to get those files, it would not make that request from your local browser.
Sorry but I think I don't fully understand the question I've been trying to connect to the EPR directly from my Kibana machine. wget worked fine, I've just tried curl with certificates Kibana is using:
I have Nginx in front of Kibana but I guess that's not it. Nginx is just for listening on ports 80 and 443 and redirecting requests to Kibana on port 9999.
Is it possible that EPR is seeing my company's certificates signed by our PKI as self-signed?
I guess we are missing some options while doing our call from Kibana to EPR.
Can you try to add your company certificate authority to node, it's possible to do so by specifying the environment variable NODE_EXTRA_CA_CERTS while running Kibana?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.