ES is running on Linux on port 9200, and using firewall rules all incoming requests to port 443 are redirected to port 9200 with the commands below (this is because only 443 connections are allowed to this server):
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 9200
firewall-cmd --permanent --direct --add-rule ipv6 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 9200
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d 10.51.222.6 --dport 443 -j REDIRECT --to-ports 9200
firewall-cmd --permanent --direct --add-rule ipv6 nat PREROUTING 1 -p tcp -d 10.51.222.6 --dport 443 -j REDIRECT --to-ports 9200
SSL is enabled in ES, and accessing ES from a browser as https://esalias.company.com works with no cert error. But Kibana throws the error “unable to get issuer certificate”, and the Kibana login screen is disabled with the message “Login is currently disabled..”
Kibana config is
---
elasticsearch.url: "https://esalias.company.com:443"
elasticsearch.username: elastic
elasticsearch.password: elastic
server.host: kibanaalias.company.com
server.name: kibanadev
server.port: 443
server.ssl.certificate: "C:\\kibana\\config\\certs\\certificate.pem"
server.ssl.enabled: true
server.ssl.key: "C:\\kibana\\config\\certs\\secret.key"
logging.dest: "C:\\kibana\\logs\\kibana.log"
The error I see in the log file is
"tags":["error","elasticsearch","admin"] Request error, retrying\nHEAD https://esalias.company.com/ => unable to get issuer certificate
"tags":["warning","elasticsearch","admin"],"pid":153552,"message":"Unable to revive connection: https://esalias.company.com/"}
And if I remove 443 from the Kibana config (elasticsearch.url: "https://esalias.company.com"), Kibana automatically appends the default port 9200 to the ES URL while connecting, and it fails with the error message: connect ETIMEDOUT
I really appreciate any idea to fix this issue.