Kibana URL Error on HTTPS Connection: Refuses To Execute Inline Scripts Because It Violates The Following Content Security Policy Directive And Fails To Fetch JS Pages

Hi Team,
We are installing the ELK Docker image 8.0.0 and configuring SSL security in the ELK cluster. We configured the kibana.yml file with the settings below:

SERVER_SSL_ENABLE= true
SERVER_SSL_CERTIFICATE=config/cert/server/server.crt
SERVER_SSL_KEY= config/cert/server/server.key
ELASTICSEARCH_SSL_CERTIFICATE=config/cert/client/client.crt
ELASTICSEARCH_SSL_KEY= config/cert/client/client.key
ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES = ["config/certs/signer/CA.crt", "config/certs/signer/CA_ROOT.crt"]

Now, after starting the Docker container, Kibana is available but it gives an HTTPS "Not Secure" error even though our signers are trusted organization certificates. After analysing this issue further in the Kibana HTML page, we found that it gives the error: "Refused to execute inline script because it violates the following Content Security Policy directive". Kibana is not able to load those inline embedded scripts and JavaScript pages over the HTTPS connection.

We have passed the environment variable XPATH_SECURITY_SAMESITECOOKIES=None; it simply shows an exception for not loading the JS pages and we can't log in to Kibana.

Kibana works fine over HTTPS with the Elasticsearch-generated CA certificate, and data loads fine from Beats, but not with the trusted organization certificates.

We have installed/configured the organization CA, the Elasticsearch CA and the organization certificate in the Manage User Certificates section on the local machine.

Please let us know about the queries below:

  1. How do we bring Kibana up on a secure HTTPS connection using the organization's trusted CA signer and certificate?
  2. Our trusted CA has two .crt files (root and intermediate). Is it correct to list them in ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES as configured above? Do we have to store and deploy these organization signers in the Elasticsearch keystore?