Kibana not trusting my elasticsearch/shield CA

security

(Bob) #1

I have Elasticsearch up an running with Shield and SSL using local authentication. The browser on my workstation trusts the site when I go to https://myserver.mydomain.com:9200

I have updated the Kibana.yml file:
elasticsearch.url: "https://myserver.mydomain.com:9200/"
elasticsearch.ssl.ca: /opt/elasticsearch/config/shield/Chain.pem (This is the certificate chain for my internal CA)

Kibana won't connect to Elasticsearch unless I add the:
elasticsearch.ssl.verify: false

What am I missing? What CA store is Kibana trying to use?

Thanks for any advice.


(Jay Modi) #2

Hi Bob,

You mentioned a cert chain, which implies you have more than a single cert in that file. I believe you need to specify each certificate separately due to the way node.js works. Something like:

elasticsearch.ssl.ca: [ "/path/to/root.pem", "/path/to/intermediate.pem" ]

-Jay


(Bob) #3

Yes. We do have a cert chain and your suggestion worked! Thanks!
Bob.


(David F.) #4

I'm for example used my logstash-forwarder certificate :grin:


(Bob) #5

For logstash to elasticsearch over SSL, keep your CA certificate chain in ONE PEM file. Here is a sample from my logstash.conf file:

output {

    elasticsearch {
            hosts => ["https://elastic.mydomain.com:9200"]
            user => myuser
            password => mypassword
            ssl => true
            cacert => "/opt/logstash/etc/certs/MY_CA_Chain.pem"

    }

}


(Bob) #6

It looks like Kibana 4.5.0 can now read a .pem file with multiple certs in the chain. No need to split the certs into an array.


(system) #7