Securing Elasticsearch/Kibana / "Bad Decrypt" Error

You might even be right.
The problem is, this is a test server running multiple applications at the same time.
Elasticsearch, Kibana, WinlogBeat, Metricbeat but also a SQL server, the Windows Event Collector (WEC) and so on.
Of course, it is difficult to make a clear error analysis.

In this article Michael wrote that it is only a warning, so I continued

In this article it was also about an error with "bad_certificate".
This gave me the idea to add the certificates to the other solutions (WinlogBeat and Metricbeat) first.

Then I started elastisearch and got the bad_certificate message again.
But because it´s only a warning message, I ignored it for now.

[2023-08-18T10:15:05,004][WARN ][o.e.h.AbstractHttpServerTransport] [WXTASK2P] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/172.20.249.89:9200, remoteAddress=/172.20.233.189:61697}io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at io.netty.codec@4.1.86.Final/io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
        at io.netty.codec@4.1.86.Final/io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
        at io.netty.transport@4.1.86.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
        at io.netty.transport@4.1.86.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
        at io.netty.transport@4.1.86.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)

See logs for more details.

Then I just started kibana - and surprise - no more errors
But I still get the message that the Kibana server is not available :frowning:
But the connection is safe.
image

But there seems to be no error message in the kibana-system...?
Here starts my request:
[2023-08-18T10:47:29.452+02:00]

[2023-08-18T10:47:03.321+02:00][DEBUG][plugins-system.standard] Setting up plugin "upgradeAssistant"...
[2023-08-18T10:47:03.321+02:00][DEBUG][plugins.upgradeAssistant] Initializing plugin
[2023-08-18T10:47:03.327+02:00][DEBUG][plugins-system.standard] Setting up plugin "monitoring"...
[2023-08-18T10:47:03.328+02:00][DEBUG][plugins.monitoring] Initializing plugin
[2023-08-18T10:47:03.337+02:00][DEBUG][plugins-system.standard] Setting up plugin "logstash"...
[2023-08-18T10:47:03.338+02:00][DEBUG][plugins.logstash] Initializing plugin
[2023-08-18T10:47:03.339+02:00][DEBUG][plugins.logstash] Setting up Logstash plugin
[2023-08-18T10:47:03.341+02:00][DEBUG][plugins-system.standard] Setting up plugin "enterpriseSearch"...
[2023-08-18T10:47:03.342+02:00][DEBUG][plugins.enterpriseSearch] Initializing plugin
[2023-08-18T10:47:03.345+02:00][DEBUG][plugins.customIntegrations] Integration with id=ms_sql already exists.
[2023-08-18T10:47:03.414+02:00][DEBUG][plugins-system.standard] Setting up plugin "apm"...
[2023-08-18T10:47:03.415+02:00][DEBUG][plugins.apm] Initializing plugin
[2023-08-18T10:47:03.426+02:00][DEBUG][plugins.apm] Register task "apm-source-map-migration-task"
[2023-08-18T10:47:03.426+02:00][DEBUG][plugins-system.standard] Setting up plugin "visTypeGauge"...
[2023-08-18T10:47:03.427+02:00][DEBUG][plugins.visTypeGauge] Initializing plugin
[2023-08-18T10:47:03.431+02:00][DEBUG][plugins-system.standard] Setting up plugin "dataViewManagement"...
[2023-08-18T10:47:03.432+02:00][DEBUG][plugins.dataViewManagement] Initializing plugin
[2023-08-18T10:47:03.572+02:00][DEBUG][plugins.screenshotting.config] Running on OS: 'Win32'
[2023-08-18T10:47:03.572+02:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
[2023-08-18T10:47:03.584+02:00][DEBUG][plugins.reporting] Setup complete
[2023-08-18T10:47:03.585+02:00][DEBUG][core-app] Setting up core app.
[2023-08-18T10:47:03.608+02:00][DEBUG][root] starting root
[2023-08-18T10:47:03.609+02:00][DEBUG][server] starting server
[2023-08-18T10:47:03.618+02:00][DEBUG][plugins.taskManager] status core.status.derivedStatus now set to unavailable
[2023-08-18T10:47:03.619+02:00][DEBUG][status] Recalculated core overall status
[2023-08-18T10:47:03.628+02:00][INFO ][plugins.screenshotting.chromium] Browser executable: C:\_Mon\k\x-pack\plugins\screenshotting\chromium\chrome-win\chrome.exe
[2023-08-18T10:47:07.010+02:00][DEBUG][metrics.ops] memory: 277.0MB uptime: 0:00:30 load: [0.00,0.00,0.00] mean delay: 15.850 delay histogram: { 50: 15.630; 95: 16.056; 99: 22.692 }
[2023-08-18T10:47:12.017+02:00][DEBUG][metrics.ops] memory: 277.1MB uptime: 0:00:35 load: [0.00,0.00,0.00] mean delay: 15.697 delay histogram: { 50: 15.630; 95: 15.770; 99: 16.695 }
[2023-08-18T10:47:17.023+02:00][DEBUG][metrics.ops] memory: 277.2MB uptime: 0:00:40 load: [0.00,0.00,0.00] mean delay: 15.741 delay histogram: { 50: 15.630; 95: 15.753; 99: 17.662 }
[2023-08-18T10:47:22.033+02:00][DEBUG][metrics.ops] memory: 277.2MB uptime: 0:00:45 load: [0.00,0.00,0.00] mean delay: 15.713 delay histogram: { 50: 15.630; 95: 15.729; 99: 17.744 }
[2023-08-18T10:47:27.046+02:00][DEBUG][metrics.ops] memory: 225.2MB uptime: 0:00:50 load: [0.00,0.00,0.00] mean delay: 16.017 delay histogram: { 50: 15.630; 95: 15.933; 99: 28.393 }
[2023-08-18T10:47:29.452+02:00][DEBUG][http.server.response] GET /login?next=%2F 200 33ms - 88.1KB
[2023-08-18T10:47:29.508+02:00][DEBUG][http.server.response] GET /node_modules/@kbn/ui-framework/dist/kui_light.min.css 304 7ms
[2023-08-18T10:47:29.509+02:00][DEBUG][http.server.response] GET /ui/legacy_light_theme.min.css 304 7ms
[2023-08-18T10:47:29.530+02:00][DEBUG][http.server.response] GET /bootstrap.js 304 3ms - 3.8KB
[2023-08-18T10:47:30.055+02:00][DEBUG][http.server.response] GET /translations/en.json 304 3ms - 29.0B
[2023-08-18T10:47:30.132+02:00][DEBUG][http.server.response] POST /api/core/capabilities 200 5ms - 46.0B
[2023-08-18T10:47:30.189+02:00][DEBUG][http.server.response] GET /internal/interactive_setup/status 503 2ms - 30.0B
[2023-08-18T10:47:30.240+02:00][DEBUG][http.server.response] GET /ui/fonts/roboto_mono/RobotoMono-Regular.ttf 304 4ms
[2023-08-18T10:47:32.056+02:00][DEBUG][metrics.ops] memory: 220.4MB uptime: 0:00:55 load: [0.00,0.00,0.00] mean delay: 16.059 delay histogram: { 50: 15.630; 95: 16.892; 99: 30.179 }
[2023-08-18T10:47:32.302+02:00][DEBUG][status] Recalculated overall status
[2023-08-18T10:47:32.709+02:00][DEBUG][status] Recalculated overall status
[2023-08-18T10:47:33.256+02:00][DEBUG][status] Recalculated overall status
[2023-08-18T10:47:37.060+02:00][DEBUG][metrics.ops] memory: 222.5MB uptime: 0:01:00 load: [0.00,0.00,0.00] mean delay: 15.691 delay histogram: { 50: 15.630; 95: 15.704; 99: 19.399 }
[2023-08-18T10:47:42.086+02:00][DEBUG][metrics.ops] memory: 222.6MB uptime: 0:01:05 load: [0.00,0.00,0.00] mean delay: 15.632 delay histogram: { 50: 15.630; 95: 15.745; 99: 15.909 }
[2023-08-18T10:47:47.092+02:00][DEBUG][metrics.ops] memory: 222.9MB uptime: 0:01:10 load: [0.00,0.00,0.00] mean delay: 15.695 delay histogram: { 50: 15.630; 95: 15.671; 99: 17.793 }
[2023-08-18T10:47:52.097+02:00][DEBUG][metrics.ops] memory: 222.9MB uptime: 0:01:15 load: [0.00,0.00,0.00] mean delay: 15.639 delay histogram: { 50: 15.630; 95: 15.671; 99: 15.753 }

It seems to be that everything is okay, but it doesn´t work :face_with_raised_eyebrow: