Kibana URL shows “Not Secure” when HTTPS enabled

Elastic Stack Kibana
1

image

Please help me!

2

I followed this video to enable https

3

This is because you are generating and using a self signed certificate. The video explains this at 5:20.
You'll need to get a proper certificate signed by a trusted CA to remove those warnings.

4

You'll need to get a proper certificate signed by a trusted CA to remove those warnings.
Can you guide me on this part?

5

cert CN name not the ip change it.

6

That is a bit beyond the support we offer and my knowledge, but in general you'll need to find a Certificate Authority (CA) in your country or nearby and buy a signed certificate from them.

7

Is there any way to avoid using CA certificates?

8

No, other than do not use HTTPS

9

Hi Stephenb,
After I finished like the video:

Now what should I do next, I haven't found the right instructions yet
Can I create a CA certificate for free Lets Encrypt?

10

What OS is your browser on?
If Mac add it to your Key Chain

If you followed the video that creates a self signed cert as long as you say ok you should be fine for testing.

Yes it is what I do...

If you own a domain and create a Publicly signed Let's Encrypt Cert for that domain then then the CA is officially publicly signed will be accepted by your system and you won't get the error.

This is normal cert stuff, but we do not really teach that here it is no different than a cert for a webserver etc.

Find a friend or someone that is familiar with certs creation with Let's Encrypt

11

Hi Stephenb,
I'm installing the ELK suite on a CentOS 8 virtual machine
Do you have any instructions for creating certificates with Let's Encrypt?
Thank you!

12

No not really.

Is this on a cloud provider?

They can also generate certs.

I use certbot

13

Hi Stephenb,

I'm having problems
After I have the CA as a .cer file
How do I install SSL into kibana.yml

Method 1: convert .cer file to .key and .crt
Method 2: convert .cer file to .pem
I don't know what to do next.

Please help me

14

Hi Miltonhultgren,

I'm having problems
After I have the CA as a .cer file
How do I install SSL into kibana.yml

Method 1: convert .cer file to .key and .crt
Method 2: convert .cer file to .pem
I don't know what to do next.

Please help me!

15

I'm not a security expert so I'm hesitant to offer advice.

My understanding is that you should have three files:

  1. The certificate for your specific instance (.crt)
  2. The key to the certificate in 1 (.key)
  3. The certificate for your CA chain (.crt)

I don't know what files you have obtained and how but once you have those files, your config will look like this:

server.ssl.certificate: /path/to/file/1.crt
server.ssl.key: /path/to/file/2.key
server.ssl.certificateAuthorities: /path/to/file/3.crt

If you have bought a certificate from a CA you should reach out to their support to get help with obtaining the right files to use. That is not something we can help you with.

16

OK I understand
Thank you for your help!

17

Hi Miltonhultgren,

I have found the right direction
Install nginx as a reverse proxy and put kibana ssl in the nginx.conf file. But currently kibana port is 80 which coincides with nginx port. I changed the port in the kibana.yml file to the default 5601 and got this error, the web interface is not displayed. Check netstat, kibana has received port 5601. Please help me!

image
image1660×263 90.2 KB

18

HI @stephenb and @miltonhultgren ,
Please help me!

19

Hi @Nghia_D_ng
Unfortunately I am not an nginx expert.

But please don't paste images of text. It's really hard to read and can't be searched or debugged... It makes it much harder for people to help.

We can't even see the whole error messages

Perhaps look at this

1 Like
20

Hi @stephenb ,

<Sep 27 17:14:31 Kibana kibana[1251275]: {"type":"log","@timestamp":"2023-09-27T10:14:31Z","tags":slightly_frowning_face:"error","plugins","reporting","validations"],"pid":1251275,"message":"The Reporting plugin encountered issues launching Chromium in a self-test. You may have trouble generating reports."}>

<Sep 27 17:14:31 Kibana kibana[1251275]: {"type":"log","@timestamp":"2023-09-27T10:14:31Z","tags":slightly_frowning_face:"error","plugins","reporting","validations"],"pid":1251275,"message":"ErrorEvent {\n target:\n WebSocket {\n _events:\n [Object: null prototype] { open: [Function], error: [Function] },\n _eventsCount: 2,\n _maxListeners: undefined,\n readyState: 3,\n protocol: '',\n _binaryType: 'nodebuffer',\n _closeFrameReceived: false,\n _closeFrameSent: false,\n _closeMessage: '',\n _closeTimer: null,\n _closeCode: 1006,\n _extensions: {},\n _receiver: null,\n _sender: null,\n _socket: null,\n _isServer: false,\n _redirects: 0,\n url:\n 'ws://127.0.0.1:45265/devtools/browser/3f83980b-db25-4b6b-a162-1aacefb57be4',\n _req: null },\n type: 'error',\n message :'socket hang up',\n error:\n { Error: socket hang up\n at createHangUpError (_http_client.js:332:15)\n at Socket.socketOnEnd (_http_client.js:435:23)\n at Socket.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19) at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19) code: 'ECONNRESET' } }"}>

<Sep 27 17:14:31 Kibana kibana[1251275]: {"type":"log","@timestamp":"2023-09-27T10:14:31Z","tags":slightly_frowning_face:"error","plugins","reporting","validations"],"pid":1251275,"message":"Error: Could not close browser client handle!\n at browserFactory.test.then.browser (/u01/kibana-7.9.0-linux-x86_64/x-pack/plugins/reporting/server/lib/validate/validate_browser.js:26:15)\n at process._tickCallback (internal>>

<Sep 27 17:14:31 Kibana kibana[1251275]: {"type":"log","@timestamp":"2023-09-27T10:14:31Z","tags":slightly_frowning_face:"warning","plugins","reporting","validations"],"pid":1251275,"message":"Reporting plugin self-check generated a warning: Error: Could not close browser client handle!"}>