RHEL7 Elastic Stack 6.7.1 Not using X-Pack. (following this guide)
I'm having trouble configuring SSL on Kibana over 5601. First I generated a key and then I generated a CSR and sent it to the CA. I retrieved the cert and have two available certs. Base 64 encoded and Base 64 encoded with CA certificate chain in pkcs7 format.
I retrieved both, put the Base64 in a mycert.cer file, put the pcks7 one in a mycert.p7b file. Converted the pcks7 into pem with
openssl pkcs7 -print_certs -in /etc/kibana/certs/mycert.p7b -out /etc/kibana/certs/mycert.pem
I put/made sure that .key, .cer and .pem were in the /etc/kibana/cert folder and changed ownership:group to kibana.
in kibana.yml I put
server.ssl.enabled: true
server.ssl.certificate:/etc/kibana/certs/mycert.cer
server.ssl.key: /etc/kibana/certs/mycert.key
elasticsearch.ssl.certificate: /etc/kibana/certs/mycert.pem
Originally i created the CSR with a CN of
myhost.mydomain.tld
then after it failed i created one with
https://myhost.mydomain.tld:5601
When I try to start Kibana i get an error message of:
digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
In trying to search on the subject I see that it can be caused by incompatible OpenSSL versions - but i'm on the same system so that seems unlikely.
--update--
to add to this, i created a self-signed ca and cert to use and it worked fine. When I compare the self-signed ca-cert to the PKCS7 one it's quite a bit different, the PEM converted PKCS7 contains the system cert, and all intermediate ones.