Hello,
I’ve been struggling for some time with the SSL configuration of Kibana.
I need to set the elasticsearch.ssl.verificationMode on "full" or on "certificate" but Kibana is only working in "none".
When I start the service I get the following error :
“Unable to retrieve version information from Elasticsearch nodes. Unable to get issuer certificate.”
I must censor some parts of the configurations.
I change the certs for the ones from my company.
I’m working on the version 8.3.2
The system isn’t allowed to connect to the Internet for security reasons.
Here are the configuration of Elasticsearch and Kibana :
elasticsearch.yml :
cluster.name: "*******"
node.name: "*******-1"
path.data: /elk/elasticsearch/data
path.logs: /elk/elasticsearch/log
http.port: ****
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: /etc/elasticsearch/certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
truststore.path: /etc/elasticsearch/certs/*********.p12
cluster.initial_master_nodes: ["ELK"]
http.host: 0.0.0.0
xpack.monitoring.collection.enabled: true
kibana.yml :
server.port: ****
server.host: 0.0.0.0
server.name: *******
server.ssl.certificate: "/etc/kibana/certs/kibana-server.crt"
server.ssl.key: "/etc/kibana/certs/kibana-server.key"
server.ssl.enabled: true
elasticsearch.hosts: ["https://***.***.***.***:****"]
elasticsearch.serviceAccountToken: "*************************************"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/elasticsearch-ca.pem" ]
elasticsearch.ssl.verificationMode: full
logging.appenders.file.type: file
logging.appenders.file.fileName: /elk/kibana/log/kibana.log
logging.appenders.file.layout.type: json
logging.root.appenders: [default, file]
path.data: /elk/kibana/data
pid.file: /run/kibana/kibana.pid
I’m a bit new to Elastic especially to the SSL part so the solution to my problem might be simple but I don’t see it. I tried solutions from previous topics but they didn't work.
Thanks.