On-prem Kibana can't join elastic-package-registry (EPR) behind a proxy due to certificate issue - workaround tested

I have an on-prem stack 8.5.3 on RHEL 8 with high customer's restriction.
Access to internet is done throught a proxy.
Access to epr. elastic.co was opened and tested well with the command:

nc epr.elastic.co 443 -x [PROXY]:8080

I have setup the kibana variable xpack.fleet.registryProxyUrl in the kibana.yml.
But, when I started kibana I had this error in the log:

"message":"Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&experimental=true&kibana.version=8.5.3 failed, reason: write EPROTO 140442458298304:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n","log":{"level":"ERROR","logger":"plugins.fleet"},"process":{"pid":772042},"trace":{"id":"a442a55639a3c988c1b5aaeae4c3e6ea"},"transaction":{"id":"cd123646eda8e425"}}

After a long search I found some tips about the NODE_EXTRA_CA_CERTS variable here

But this not solved my issue.
In the same time, I saw that this variable is link to NodeJS and some other articles refers to another variable here

So I use it and now it's working fine.
This is the detailed fix:
open file /etc/sysconfig/kibana
Add the following line:


Restart Kibana and "Le tour est joué" !
Kibana reach now the EPR and is able to download elastic-agent integrations.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.