Unable to connect to Elastic Search from Kibana

Hi Everyone,

I am running elasticsearch and kibana 7.1 on my local and trying to establish connectivity from Kibana to Elasticsearch post enabling https on Elasticsearch.

Kibana is reporting the below error

Blockquote
[09:01:44.195] [error][data][elasticsearch] Request error, retrying GET https://localhost:9200/_xpack => self signed certificate[09:01:44.195] [error][data][elasticsearch] Request error, retrying GET https://localhost:9200/_xpack => self signed certificate

Below are the configurations on Kibana and elastic
Kibana
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.ssl.certificateAuthorities: [ "C:\MyFolder\PRD\thisFolder\kibana-7.1.1-windows-x86_64\config\elastic.cer" ]
elasticsearch.ssl.verificationMode: certificate

Elasticsearch
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elsecert
xpack.security.http.ssl.truststore.path: elsecert
xpack.security.http.ssl.client_authentication: optional

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elsecert
xpack.security.transport.ssl.truststore.path: elsecert

Hi @JishnuD, welcome to the discussion boards!

What is the file format of C:\MyFolder\PRD\thisFolder\kibana-7.1.1-windows-x86_64\config\elastic.cer? Typically, .cer is used for DER encoded certificates, but Kibana requires these to be specified in the PEM format.

Can you ensure/convert this certificate to PEM?

Hi Larry,

I had also tried with a pem file, which i generated using openssl on the PKCS#12 cert store generated for elastic search. The elsecert in the ElasticSearch config is the PKCS#12 cert store.
However, it produces the same error trace.
If i do set the verificationmode as none, kibana works as expected and i am able to setup connection to elasticsearch

@Larry_Gregory I was able to resolve all issues after following the steps outlined in https://www.elastic.co/blog/elasticsearch-security-configure-tls-ssl-pki-authentication

Marking the issue as resolved . Thanks for your help !

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.