Kibana https (ssl)

Raj_Kumar · June 7, 2017, 11:11am

Hi All,

Iam having single node Elk SETUP on one machine.Is it possible to make ssl connection on a single node or only in clusters we can use https?

For example : from http://privateip:5601 to https://private:5601

Any help would be much appreciated

Thanks,
Raj

Oozza · June 7, 2017, 11:36am

To enable SSL in Kibana setup path to your certificate and key files in Kibana's configuration file.

What it looks like in kibana.yml file:

# Paths to the PEM-format SSL certificate and SSL key files, respectively. These
# files enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.cert: C:/Kibana/certs/cert.pem
server.ssl.key: C:/Kibana/certs/keypl.pem

Raj_Kumar · June 7, 2017, 1:12pm

Hi ,
Thank you for the reply.
Am using xpack certgen to create certificates and key.
should i use same certs and keys in both elasticsearch.yml and kibana.yml,or Only kibana.yml.

Note :both ELasticsearch and Kibana are on the same host

Thanks,
Raj

Oozza · June 7, 2017, 1:31pm

For communication that stays on same host you don't need certificate. We don't know what is your use case.

When running ES+Kibana on same host, the purpose of elasticsearch's certificate may be to secure connection from remote data shippers to ES. The purpose of the certificate in Kibana would be to present your Kibana server to public and to encipher data between client's browser and Kibana.

You can use same certificate for both of them, especially while just testing.

Raj_Kumar · June 7, 2017, 1:48pm

Thank you for the reply,that makes sense and yes you are right ,when we install more nodes and shippers we could put certificates in each instances.

As of now my ELk setup in only single node,since my kibana is communicating with google chrome as a browser to view kibana,is it recommended to have https or http?

if https enabling these two settings will it work

Paths to the PEM-format SSL certificate and SSL key files, respectively. These

files enable SSL for outgoing requests from the Kibana server to the browser.

server.ssl.cert: C:/Kibana/certs/cert.pem
server.ssl.key: C:/Kibana/certs/keypl.pem

Thanks,
Raj

Oozza · June 7, 2017, 2:10pm

Yes, setting up path to certificates in correct format should automatically (after restart) make Kibana use Https protocol instead of Http. It's also said in the commented lines you've copied.

Raj_Kumar · June 9, 2017, 8:42am

Thank you very much for the info

system · July 7, 2017, 8:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.