Unable to connect to Elastic Search from Kibana

Hi Everyone,

I am running elasticsearch and kibana 7.1 on my local and trying to establish connectivity from Kibana to elastic search post enabling https on elastic search.

Kibana is reporting the below error

Blockquote
[09:01:44.195] [error][data][elasticsearch] Request error, retrying GET https://localhost:9200/_xpack => self signed certificate[09:01:44.195] [error][data][elasticsearch] Request error, retrying GET https://localhost:9200/_xpack => self signed certificate

Below are the configurations on Kibana and elastic
Kibana
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.ssl.certificateAuthorities: [ "C:\MyFolder\PRD\thisFolder\kibana-7.1.1-windows-x86_64\config\elastic.cer" ]
elasticsearch.ssl.verificationMode: certificate

Elasticsearch
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elsecert
xpack.security.http.ssl.truststore.path: elsecert
xpack.security.http.ssl.client_authentication: optional

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elsecert
xpack.security.transport.ssl.truststore.path: elsecert

Hi @JishnuD, welcome to the discussion boards!

What is the file format of C:\MyFolder\PRD\thisFolder\kibana-7.1.1-windows-x86_64\config\elastic.cer? Typically, .cer is used for DER encoded certificates, but Kibana requires these to be specified in the PEM format.

Can you ensure/convert this certificate to PEM?

Hi Larry,

I had also tried with a pem file, which i generated using openssl on the PKCS#12 cert store generated for elastic search. The elsecert in the ElasticSearch config is the PKCS#12 cert store.
However, it produces the same error trace.
If i do set the verificationmode as none, kibana works as expected and i am able to setup connection to elasticsearch

@Larry_Gregory I was able to resolve all issues after following the steps outlined in https://www.elastic.co/blog/elasticsearch-security-configure-tls-ssl-pki-authentication

Marking the issue as resolved . Thanks for your help !

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.