TLS Error Calling Webhook Connector from Kibana

Hello -

I'm running Elastic/Kibana version 7.16.2 on Linux with SSL enabled and CA signed certs.

My TLS related Kibana settings are:

server.ssl.enabled: true
server.ssl.certificate: /path/to/server.crt
server.ssl.key: /path/to/server.key
server.ssl.supportedProtocols: ["TLSv1.1", "TLSv1.2"]
elasticsearch.ssl.certificateAuthorities: ["/path/to/ca.crt"]
xpack.encryptedSavedObjects.encryptionKey: somelongstring.....
xpack.action.ssl.verificationMode: certificate

When trying to test my webhook connector from the Kibana Rules and Connectors interface I get the following TLS error:

[ECONNRESET] Client network socket disconnected before secure TLS connection was established

My endpoint is a NiFi server which requires authentication. I can successfully run the following curl command from my Kibana host to the NiFi host:

curl -XPOST --cert /path/to/server.crt --key /path/to/server.key --cacert /path/to/ca.crt 'https://somenifihost:12345'

When running this curl command I see in the NiFi logs that curl is passing my cert. However, when running Test from the Kibana Rules and Connectors interface I see no indication that Kibana is passing a certificate in the NiFi logs.

The error that NiFi is throwing (shown below), is incidental to the error I get if I try and curl to NiFi without any certificates which makes me believe Kibana is not passing the certificate to NiFi. Empty server certificate chain

I increased logging in Kibana but that didn't show me any useful information.

If I set "xpack.actions.ssl.verificationMode: none" and disable authentication in NiFi the webhook works as expected.

Any help would be greatly appreciated.


We support using custom certs in Kibana connectors via the xpack.actions.customHostSettings documented here: Alerting and action settings in Kibana | Kibana Guide [7.17] | Elastic

Note that we don't yet support keys there though.

If bypassing SSL verification mode is ok for this server, but you don't want it set "globally", there is also a customHostSetting you can use for just that host.

You will need to restart Kibana after making the configuration changes.

Understood. Thanks for your response.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.