Self-signed certificate in the chain

Hey everyone! How have you been?

I configured the SSL for the Elastic cluster using the elasticsearch-certutil. So far, elasticsearch nodes can reach out each other, the Kibana can communicate with them and both are being accessed with https, but I am having a problem with integrations/fleet.

When I try to open the page nothing loads and in the logs I can see "Self-signed certificate in the chain". I set in kibana.yml the entry for kibana to trust in the Elastic certirficate (elasticsearch.ssl.certificateAuthorities: /etc/kibana/elasticsearch-ca.pem) file gererated when running elasticsearch-certutil http.
Both Kibana and ES nodes are CentOS.

I also configured the proxy I am using with xpack.fleet.registryProxyUrl.

Could anyone help me to solve that?

I followed these two pages of documentation: Set up basic security for the Elastic Stack | Elasticsearch Guide [8.6] | Elastic and Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.6] | Elastic

Does this mean you try to reach kibana's URL using a browser? If so, what certificate is used by Kibana itself (configured with Kibana settings like server.ssl.certificate and server.ssl.key)? If the certificate is self-signed, browsers won't automatically accept them. Unless this is a dev environment, you might want to consider using certs signed by a trusted CA as suggested by the doc.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.