Kibana not trusting my elasticsearch/shield CA

bblank · March 15, 2016, 4:36pm

I have Elasticsearch up an running with Shield and SSL using local authentication. The browser on my workstation trusts the site when I go to https://myserver.mydomain.com:9200

I have updated the Kibana.yml file:
elasticsearch.url: "https://myserver.mydomain.com:9200/"
elasticsearch.ssl.ca: /opt/elasticsearch/config/shield/Chain.pem (This is the certificate chain for my internal CA)

Kibana won't connect to Elasticsearch unless I add the:
elasticsearch.ssl.verify: false

What am I missing? What CA store is Kibana trying to use?

Thanks for any advice.

jaymode · March 18, 2016, 9:59am

Hi Bob,

You mentioned a cert chain, which implies you have more than a single cert in that file. I believe you need to specify each certificate separately due to the way node.js works. Something like:

elasticsearch.ssl.ca: [ "/path/to/root.pem", "/path/to/intermediate.pem" ]

-Jay

bblank · March 18, 2016, 2:00pm

Yes. We do have a cert chain and your suggestion worked! Thanks!
Bob.

dfr0 · March 22, 2016, 3:57am

I'm for example used my logstash-forwarder certificate

bblank · March 22, 2016, 12:59pm

For logstash to elasticsearch over SSL, keep your CA certificate chain in ONE PEM file. Here is a sample from my logstash.conf file:

output {

    elasticsearch {
            hosts => ["https://elastic.mydomain.com:9200"]
            user => myuser
            password => mypassword
            ssl => true
            cacert => "/opt/logstash/etc/certs/MY_CA_Chain.pem"

    }

}

bblank · April 28, 2016, 6:18pm

It looks like Kibana 4.5.0 can now read a .pem file with multiple certs in the chain. No need to split the certs into an array.