Secure browser to kibana

headtea · August 3, 2020, 2:47pm

I'm following this documentation page for securing communications between the browser and kibana. I'm a little confused as the documentation suggests createing a csr while later in the line ( and in kibana.yml) it expects a crt: https://i.imgur.com/8Dbdwnx.png

What I did is I ran this command:

 bin/elasticsearch-certutil csr -name kibana-server -dns elk.companyname.net

And in kibana.yml I added:

server.ssl.enabled: true
server.ssl.certificate: /usr/share/elasticsearch/kibana-server/kibana-server.csr
server.ssl.key: /usr/share/elasticsearch/kibana-server/kibana-server.key

Then: systemctl restart kibana

But in the browser when I enter https://elk.companyname.net or https://elk.companyname.net:5601 it doesn't work, even though I made sure dns points correcntly.

Does anyone know what's wrong? Is it because of the csr/crt missmatch? Thanks ahead!

nickpeihl · August 3, 2020, 9:51pm

Hi @headtea. We have a detailed blog post for setting up security with Elasticsearch and Kibana which you might find useful.

headtea · August 4, 2020, 11:11am

Thank you for the response,

I've read it and couldn't find the part where kibana is secured because in the docs it says to enable server.ssl.certificate in kibana.yml.

I'm a little confused as it the command in the docs suggest:

bin/elasticsearch-certutil csr -name kibana-server -dns some-website.com,www.some-website.com

creates a .csr file while it seems like it expects an .crt?

headtea · August 4, 2020, 1:19pm

I've discovered that I need to create an .crt and .key from the new .csr I have. Only thing is, even after looking at the elasticsearch-certutil documentation I'm just not sure what parameters to use. All the files and clusters are located on one machine.

headtea · August 5, 2020, 10:07am

EDIT: SOLVED:

Literally just took our company's .crt and .key from another server. scp'd it locally to a directory that is open for everyone, gave it 777 permissions, chown'd it to kibana:kibana and in kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: /etc/elk/2020_companyname.crt
server.ssl.key: /etc/elk/wildcardcompanyname.key

system · September 2, 2020, 10:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana https ssl crt not working Kibana	3	1306	April 22, 2020
How to enable SSL (https) for Kibana? Kibana	8	25661	April 20, 2020
Generating A Certificate From The CA I Made Through Elasticsearch Elasticsearch elastic-stack-security	4	5694	February 1, 2022
Encrypting communications in Kibana Kibana elastic-stack-security	5	4729	July 19, 2019
How to use EXISTING multi-domain SSL cert to secure Kibana Kibana elastic-stack-security	10	386	November 21, 2022

Secure browser to kibana

EDIT: SOLVED:

Related topics