I have installed Elasticsearch and Kibana in my Ubuntu System in a corporate environment behind firewall and proxies. We have two crt files to use internet in browser. My elasticsearch is running fine. But when I run Kibana from /bin/kibaba --allow root, Kibana runs in base mode but it throws the errot like this-
[2022-07-19T16:02:40.701+03:00][ERROR][plugins.fleet] Failed to fetch latest version of endpoint from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=endpoint&experimental=true&kibana.version=8.3.2 failed, reason: unable to get local issuer certificate
Most likely, Kibana is not connected to the internet connection. But when I run curl using command
curl -vvI https://epr.elastic.co/search?package=endpoint&experimental=true&kibana.version=8.3.2
I think I get the connection, I found some issues similar to this using
NODE_EXTRA_CERTS= /etc/kibana/root_ca_chain.pem
but I am confused what does this file mean? I supplied my organisations "xxx.crt" file but it doesn't seem to work. Can someone help me on this?
You need to change the certificates in the kibana.yml file, not by using NODE_EXTRA_CERTS.
UDATE: I tried using air grapped environement using this link:
https://www.elastic.co/guide/en/fleet/current/air-gapped.html
However, still I cant get access to Elastic Package Registry and shows the following error:
[2022-07-26T18:00:21.794+03:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: scheduled with interval 1h
[2022-07-26T18:00:22.242+03:00][ERROR][plugins.fleet] Failed to fetch latest version of endpoint from registry: Error connecting to package registry: request to http://package-registry.corp.net:8080/search?package=endpoint&experimental=true&kibana.version=8.3.2 failed, reason: getaddrinfo ENOTFOUND package-registry.corp.net
[2022-07-26T18:00:22.282+03:00][INFO ][plugins.fleet] Fleet setup completed
[2022-07-26T18:00:22.288+03:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
[2022-07-26T18:00:24.069+03:00][INFO ][status] Kibana is now available (was degraded)
[2022-07-26T18:00:24.108+03:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2022-07-26T18:04:32.946+03:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
[2022-07-26T18:05:11.996+03:00][ERROR][plugins.fleet] Error connecting to package registry: request to http://package-registry.corp.net:8080/categories?experimental=true&include_policy_templates=true&kibana.version=8.3.2 failed, reason: getaddrinfo ENOTFOUND package-registry.corp.net
[2022-07-26T18:05:11.999+03:00][ERROR][plugins.fleet] Error connecting to package registry: request to http://package-registry.corp.net:8080/search?experimental=true&kibana.version=8.3.2 failed, reason: getaddrinfo ENOTFOUND package-registry.corp.net
[2022-07-26T18:12:38.648+03:00][INFO ][plugins.fleet] Beginning fleet setup
[2022-07-26T18:12:39.955+03:00][ERROR][plugins.fleet] Failed to fetch latest version of endpoint from registry: Error connecting to package registry: request to http://package-registry.corp.net:8080/search?package=endpoint&experimental=true&kibana.version=8.3.2 failed, reason: getaddrinfo ENOTFOUND package-registry.corp.net
[2022-07-26T18:12:40.004+03:00][INFO ][plugins.fleet] Fleet setup completed
[2022-07-26T18:14:53.881+03:00][INFO ][plugins.fleet] Beginning fleet setup
[2022-07-26T18:14:55.183+03:00][ERROR][plugins.fleet] Failed to fetch latest version of endpoint from registry: Error connecting to package registry: request to http://package-registry.corp.net:8080/search?package=endpoint&experimental=true&kibana.version=8.3.2 failed, reason: getaddrinfo ENOTFOUND package-registry.corp.net
[2022-07-26T18:14:55.229+03:00][INFO ][plugins.fleet] Fleet setup completed>