[KIBANA][Rules and Connectors] You must enable Transport Layer Security

Dear Elastic Community,

I am writing to request for your help.
I am currently running an ELK stack on latest version (7.14) on a standalone CentOS 7 server.

I would like to use the Rules and Connectors functionality but I am struggling to get it working.

I understood that I need to activate TLS communication between Kibana and Elasticsearch and also generate an API Key on kibana side to make it works.

Here are the configuration files:
elasticsearch.yml:

#SSL config:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12

xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/http.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/http.p12

# Disable API key:
xpack.security.authc.api_key.enabled: false

kibana.yml:

 elasticsearch.hosts: ["https://{SERVER_PRIVATE_IP}:9200"]
 elasticsearch.ssl.certificateAuthorities: /etc/kibana/elasticsearch-ca.pem
 elasticsearch.ssl.verificationMode: certificate
 
 xpack.encryptedSavedObjects.encryptionKey: "a0d93b89eb18100a23b3bf7b9f69951f"

The SSL configuration works fine. I also had to update logstash output config to connect to Elasticsearch via https.

The interface still shows the

You must enable Transport Layer Security
Alerting relies on API keys, which require TLS between Elasticsearch and Kibana.

I have raised kibana's log level but I see nothing wrong:

logging.verbose: true

I do not know what I am missing.

Do you have any idea what could be my problem?

Many thanks in advance for your help.

Kind regards,

Patrick

Welcome to our community! :smiley:

Can you share your Elasticsearch and Kibana logs from when they startup?
Feel free to use gist/pastebin/etc if they don't fit here.

You explicitly disabled API key but Kibana laerts requires API keys to work as it says in the error message:

Alerting relies on API keys
1 Like

In case anyone is interested,
We just had a fairly lengthy conversation on this and this thread

2 Likes

Hi Yang_Wang,

Indeed that was it.
I tested it because it was advised somewhere in the documentation but forgot to remove it.

Many thanks!

Best regards,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.