Unable to connect kibana after encryption?

I have done the encryption ( ssl ) ... now my elasticsearch link is https://localhost:9200

I mentioned this link with https in kibana.yml.. Now im unable to start kibana.. im getting errors like:

 "error","node_env":"production","error":"Request error, retrying -- DEPTH_ZERO_SELF_SIGNED_CERT"}

"No living connections","node_env":"production"

Can you please help me

Perpaps it's not liking your self-signed cert. Try using these additional settings in kibana.yml, in particular disabling ssl cert validation, if needed, during testing:

verify_ssl: false
ca: /link/to/my/cacert.pem
ssl_key_file: /link/to/my/server.key
ssl_cert_file: /link/to/my/server.crt

More info on these settings here: Configure Kibana | Kibana Guide [8.11] | Elastic

Everything is fine in kibana as in that link.. If i disable everything regarding ssl also showing same error... I think main problem is near https://localhost:9200

Its not connecting to elasticsearch.

"level":"info","message":"Unable to connect to elasticsearch at https://localhost:9200. Retrying in 2.5 seconds.","node_env":"production"}

If im giving verify_ssl: false its showing me very big error...

What error is it showing when all SSL is turned off?

Btw, how are you security Elasticsearch, using Shield? If so, you may consider also posting your question to the Shield room: https://discuss.elastic.co/c/shield

This is the error im getting if i make ssl false

,"level":"error","message":"Service Unavailable","node_env":"production","error":{"message":"Service Unavailable","name":"Error","stack":"Error: Service Unavailable\n  at respond (/home/ubuntu/kibana-4.0.2-linux-x64/src/node_modules/elasticsearch/src/lib/transport.js:235:15)\n  at checkRespForFailure (/home/ubuntu/kibana-4.0.2-linux-x64/src/node_modules/elasticsearch/src/lib/transport.js:203:7)\n  at HttpConnector.<anonymous> (/home/ubuntu/kibana-4.0.2-linux-x64/src/node_modules/elasticsearch/src/lib/connectors/http.js:156:7)\n  at IncomingMessage.bound (/home/ubuntu/kibana-4.0.2-linux-x64/src/node_modules/elasticsearch/node_modules/lodash-node/modern/internals/baseBind.js:56:17)\n  at IncomingMessage.emit (events.js:117:20)\n  at _stream_readable.js:944:16\n  at process._tickCallback (node.js:442:13)\n"}}

503 Service Unavailable - means Elasticsearch is up, but unavailable for some reason and can not handle requests.

We are working on more graceful error pages:

Hey @tbragin, Now my elasticsearch status is 200..

Now if commented ssl:true.. then kibana is starting...

When im accessing to kibana im getting error

If i enable ssl:true...its not starting.

Could you share your kibana.yml and elasticsearch.yml? Feel free to just DM me with this info.

I downloaded elasticsearch.yml. Looks like the kibana link also points to Elasticsearch?

Ok, both downloaded... looking.

Which versions of ES, Kibana, and Shield are you running?

Kibana - 4.0.2

Elasticsearch 1.5

shield - latest version ( 1.3 i think )

Before everything was fine.. one day back i created ca certificate and done encryption.. after that only im getting problem..

Got it. So with Shield on, but without encryption everything still functioned ok, right?

Your configs look similar to mine (though not identical). Let me upgrade my setup to Shield 1.3 and let you know if I experience the same problem. It's a holiday in the US, so I'll try to get back to you later today or this weekend.

Yes after encryption only im getting problem.

Thanq very much for your support... please let me know once its is done... thanq

i used this command to download shield.. I dont know accurate version of shield..

bin/plugin -i elasticsearch/shield/latest

Ok, so I'm now running ES 1.6, Kibana 4.1, and Shield 1.3 and it seems to work with encryption on.

Here are my differences from your setup:

elasticsearch.yml
shield.ssl.keystore.path: path/node01.jks
shield.ssl.keystore.password: password
shield.ssl.truststore.path: path/truststore.jks
shield.ssl.truststore.password: password
shield.transport.ssl: true
shield.http.ssl: true
shield.ssl.hostname_verification: false
shield.ssl.hostname_verification.resolve_name: false

kibana.yml
port: 5601
host: "0.0.0.0" ---> host: "localhost"
elasticsearch_url: "https://localhost:9200"
elasticsearch_preserve_host: true
kibana_index: ".kibana"
kibana_elasticsearch_username: kibana4_server
kibana_elasticsearch_password: kibana4_server
verify_ssl: true
ca: path/cacert.pem
ssl_key_file: path/server.key
ssl_cert_file: path/server.crt

I don't know if there is anything material different here, but you could try making these changes, perhaps. Turning on encryption is tricky... a lot depends on having set up the certificate properly, which is very environment-specific.

In kibana.yml nothing is different..
In elasticsearch.yml ill add this line

shield.ssl.hostname_verification: false

Ill let you know..

@tbragin
Can you give me the link for generating ssl_key and crt.. I'll generate it again.

I don't think we have specific instructions for generating ssl_key and ssl_cert, as every environment may have different requirements for generating certificates.

So, to summarize, could you paste again the errors you receive in Kibana and Elasticsearch logs, when you turn on encryption, both when ssl_verify is set to "true" and to "false"?