SSL configuration not working in kibana on Linux

Elastic Stack Kibana
1

Hi,
Red Hat Enterprise Linux Server release 7.2 (Maipo)
Kibana-4.3.0-linux-x64
elasticsearch 2.1.1

I am trying to configure ssl on kibana.
The steps I followed:-

  1. Generated private key
    openssl genrsa -out privatekey.key 2048
    The above command created a file names privatekey.key .

  2. Genrated CSR
    openssl req -new -key privatekey.key -out linux.csr
    Entered the details this csr asked. and then linux.csr file was created.

  3. I submitted this linux.csr to my organization and I was issued a certificate certnew.cer
    The certificate contents were like:
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

  4. Now kibana-4.3.0-linux-x64 folder was present on home path of linux machine
    I made the following changes to kibana.yml file
    ssl.server..cert : certnew.cer
    ssl.server.key : privatekey.key

  5. Now, I start kibana and get the following log:-
    In the log it says:-
    log [17:49:38.853] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
    log [17:49:38.925] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
    log [17:49:38.965] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
    log [17:49:38.977] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
    log [17:49:38.994] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
    log [17:49:39.002] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
    log [17:49:39.009] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
    log [17:49:39.013] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
    log [17:49:39.021] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
    log [17:49:39.046] [info][listening] Server running at https://xx.xx.xx.xxx:8601

  6. In the Browser when I try to open https://xx.xx.xx.xxx:8601. It runs but it is specified as Not secure and https is crossed in red colour.
    Can anybody help me what steps I am missing ?

2

@aviral_srivastava you'll need to install the certificate in your certificate database so that your computer/browsers knows to trust the self-signed certificate. There are a few ways to do so per https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Managing_the_Certificate_Database.html#Installing_Certificates_in_the_Certificate_System_Database

3

Hi Brandon,

I have added the certnew.cer and privatekey.key to all these, but still my kibana runs on Not secure connection :

./etc/pki/nssdb/cert8.db
./etc/httpd/alias/cert8.db
./etc/ipsec.d/cert8.db

Please guide me ?

4

The first step is to dig into the details of that error and see exactly what is causing the problem.

The exact steps will depend on which browser you are running, but you need to pull up the security/certificate details for your site, and see what the browser thinks is wrong.

In recent versions of Chrome that requires opening up the developer tools, and then selecting the "security" tab.

In Firefox, you can click on the Not Secure mark and then navigate through to the certificate details.

Depending on what the browser thinks the problem is, we might be able to offer advice on the next steps to take.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.