Hi guys!
I have successfully configured TLS in ELK using a corporate certificates.
Everything works fine:
- Kibana and Elasticsearch is available by https
- Authentication in Kibana is ok
- Certificate is valid
However, SSL errors appear regularly in the logs (see below)
Please tell me what could be the reason?
elasticsearch conf
node.name: <host_name>
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: <host_ip>
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/host.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/host.cer
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.cer" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/certs/host.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/host.cer
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.cer" ]
xpack.security.http.ssl.client_authentication: optional
kibana conf
server.port: 5601
server.host: <host_ip>
server.name: "<host_name>"
elasticsearch.hosts: ["https://<host_name>:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: ""
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/host.cer
server.ssl.key: /etc/kibana/certs/host.key
elasticsearch.ssl.certificate: /etc/kibana/certs/host.cer
elasticsearch.ssl.key: /etc/kibana/certs/host.key
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca.cer" ]
elasticsearch.ssl.verificationMode: certificate
kibana logs
Sep 09 13:37:01 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:37:01Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
Sep 09 13:37:16 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:37:16Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
Sep 09 13:38:01 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:38:01Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
Sep 09 13:38:16 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:38:16Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
Sep 09 13:39:01 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:39:01Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
Sep 09 13:39:16 <host_name> kibana[23263]: {"type":"error","@timestamp":"2020-09-09T10:39:16Z","tags":["connection","client","error"],"pid":23263,"level":"error","error":{"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n","name":"Error","stack":"Error: 140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"},"message":"140362884896640:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n"}
...
etc.