Problem after making Tutorial 2: Securing a self-managed Elastic Stack (STEP 5)

Hello,

I have successfully completed the stack securing tutorial up to step 4.

I did step 5 in its entirety, following all the steps, but Kibana can no longer connect to Elasticsearch. I get the error: Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain

By curling the new certificate, I'm able to access Elasticsearch correctly. But when I launch Kibana, it doesn't work.

 nathan.kulczyki@mb4soc02:~/fleet-install-files$ sudo curl --cacert /etc/elasticsearch/certs/elastic-certificates.crt -u elastic:$ELASTIC_PASSWORD https://160.98.47.51:9200
{
  "name" : "mb4soc02",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "HcfhszuWSI6GwjQRurbAeQ",
  "version" : {
    "number" : "8.15.3",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f97532e680b555c3a05e73a74c28afb666923018",
    "build_date" : "2024-10-09T22:08:00.328917561Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

I can't locate where the problem is in the Kibana configuration. I've checked whether Kibana has the necessary certificate access and it does.

Could you help me debug this? I confess I don't understand... I'll leave you my Elastic config files

Thanks in advance

Kibana.yml :

server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
server.ssl.enabled: true

xpack.security.encryptionKey: 3zuydhc1ro6rv0g08zrcv4z3eaarf0rz
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "67DfNN9WzG+PPyIr2JIv"

elasticsearch.ssl.certificateAuthorities: [/etc/kibana/elasticsearch-ca.pem]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none

# This section was automatically generated during setup.
elasticsearch.hosts: ['https://160.98.47.51:9200']
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3MzAyODcwNDQxNjM6cmdVWGJwN1dTMlNIYWxzdXo5eTBkdw
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1730287045477.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://160.98.47.51:9200'], ca_trusted_fingerprint: dbe08eab145e4ecbcc73376b01e80510848a4806d3246b68931fd376bf53ea5d}]

Elasticsearch :

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  #keystore.path: certs/http.p12
  keystore.path: /etc/elasticsearch/certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
  truststore.path: /etc/elasticsearch/certs/elastic-stack-ca.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["mb4soc02"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
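
A lint for the Kibana-to-Elasticsearch settings in the kibana.yml posted above, as an added example that is not part of the original post and not Elastic tooling: it reports keys that appear twice, CA paths that differ from the one verified with curl, a disabled verification mode, and two credential types set together. The sample text is constructed from the post with secrets replaced by placeholders; `parse_flat`, `lint` and the finding wording are hypothetical names, and the parser assumes the flat `dotted.key: value` style used in the post.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the posted kibana.yml; secrets replaced by placeholders.
SAMPLE_KIBANA_YML = """\
server.ssl.enabled: true
elasticsearch.username: "kibana_system"
elasticsearch.password: "<redacted>"
elasticsearch.ssl.certificateAuthorities: [/etc/kibana/elasticsearch-ca.pem]
elasticsearch.ssl.verificationMode: none
# This section was automatically generated during setup.
elasticsearch.hosts: ['https://160.98.47.51:9200']
elasticsearch.serviceAccountToken: <redacted>
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1730287045477.crt]
"""

KEY_RE = re.compile(r"^([A-Za-z_][\w.]*)\s*:\s*(.*)$")

def parse_flat(text):
    """Collect every top-level 'dotted.key: value' line, keeping duplicates."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)  # comment and indented lines do not match
        if m:
            seen[m.group(1)].append((lineno, m.group(2).strip()))
    return seen

def lint(text, tested_ca=None):
    """Return findings for the Kibana -> Elasticsearch TLS and auth settings."""
    seen, findings = parse_flat(text), []
    for key, hits in seen.items():
        if len(hits) > 1:
            lines = ", ".join(str(n) for n, _ in hits)
            findings.append(f"duplicate key {key} (lines {lines})")
    cas = [p.strip(" '\"") for _, v in seen.get("elasticsearch.ssl.certificateAuthorities", [])
           for p in v.strip("[]").split(",") if p.strip()]
    if tested_ca and tested_ca not in cas:
        findings.append(f"CA verified with curl ({tested_ca}) is not among configured CAs {cas}")
    if any(v.strip("'\"") == "none" for _, v in seen.get("elasticsearch.ssl.verificationMode", [])):
        findings.append("elasticsearch.ssl.verificationMode is none: server certificate is not verified")
    if "elasticsearch.username" in seen and "elasticsearch.serviceAccountToken" in seen:
        findings.append("both elasticsearch.username and elasticsearch.serviceAccountToken are set")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_KIBANA_YML, "/etc/elasticsearch/certs/elastic-certificates.crt"):
        print("-", finding)
```

Each finding is a place where the running configuration can differ from what the curl test exercised; the CA file that curl accepted is the one to compare against whichever `certificateAuthorities` entry Kibana ends up loading.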