SSL Configuration in Kibana

Elastic Stack Kibana
#1

My company has issued an ssl certificate in 3 formats xxxxBase64.cer, xxxxDERCert.cer and xxxx.p7b

Kibana-4.3.0 on linux machine
I want to have ssl configuration for kibana when opened in browser, not for requests between elasticsearch and kibana.
My elasticsearch still runs on http:// and not https://
I have not installed shield neither on elasticsearch nor kibana. I think that ssl configuration on kibana is independent of shield, correct me if I am wrong.

I found two options in kibana
ssl.server.cert
ssl.server.key

Guide me if only these two configuration is sufficient.

My question is the key asked here is private or public key.
If it is private key, then I have read on the net that .p7b files does not contain private key.
I am not able to find solutions to generate .cert and .key from certificates issued to me.

Kindly help

#2

@aviral_srivastava you'll want to convert the certificates into PEM format. You're on the right track for which kibana settings to use, server.ssl.cert and server.ssl.key should be a path to the PEM encoded format of the certificate and key.

The following is an example of converting the xxxxDERCert.cer: openssl x509 -inform der -in xxxxDERCert.cer -out certificate.pem

and you can do a similar thing for the xxxx.p7b with: openssl pkcs7 -print_certs -in xxxx.p7b -out certificate.pem

None of those appear to be the private key.

#3

Hi Brandon_Kobel,

I tried both of your commands:-

  1. In first command , certificate.pem file is not created and there are also no warnings.
  2. In second command for.p7b file I am getting
    unable to load PKCS7 object
    12576:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib.c:647:Expecting: PKCS7
    error in pkcs7

And about the private key, how can I check for private key ? or what is telling there is no private key ?

#4

Hi Brandon_Kobel,

I have generated the ssl certificate and key on linux machine.
When I am starting kibana.
In the log it says:-
log [17:49:38.853] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
log [17:49:38.925] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [17:49:38.965] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
log [17:49:38.977] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
log [17:49:38.994] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
log [17:49:39.002] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [17:49:39.009] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
log [17:49:39.013] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
log [17:49:39.021] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
log [17:49:39.046] [info][listening] Server running at https://xx.xx.xx.xxx:8601

But on browser, it shows Not secure( in red colour ), although kibana running. Do I need to install the ssl certificate on linux machine too.
Can you guide me with the installation.

#5

@aviral_srivastava yes, you'll have to install the public certificate so Linux recognizes it. Which linux distro are you using?

#6

Hi Brandon,

My Linux distro is :-
Red Hat Enterprise Linux Server release 7.2 (Maipo)

#7

@aviral_srivastava you'll need to install the certificate in your certificate database so that your computer/browsers knows to trust the self-signed certificate. There are a few ways to do so per https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_the_Certificate_Database.html#Installing_Certificates_in_the_Certificate_System_Database

#8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.