Hello, I tried today to setup my ELK stack securely so I followed the documentation and created all certs that I need using the certutil and encrypted the CA and the node cert with passwords. I placed the http.p12 file to /etc/Elasticsearch/certs/ Elasticsearch. Then I updated the keystone as to…

The Kibana enrollment process relies on the configuration that is produced by the auto-generated security (TLS) setup that is included in Elasticsearch 8.0 It is possible to manually configure TLS in a way that meets the requirements for Kibana enrollment, but I don't think we have explicit documen…

Hey thanks for the fast response. The actual reason why I made all this certificates on my own is because I got the following response trying to access the API via https: curl --cacert /Users/martin/Downloads/http_ca.crt -u elastic https://10.24.1.5:9200 Enter host password for user 'elastic': c…

[image] maof97: It seems like the default cert generated does not add the IP/Domain to the Subject-Name field. It only worked if I tried via https://localhost:9200 We do our best to detect all IP addresses of the interfaces that are up when elasticsearch is installed and then use them as IP S…

Yeah because of restrictions I have to install ES using a different interface than the one used in production. Maybe add a feature to specify the production IP address on installation for cases like mine.

Creating this due apt-get install is bad idea. I need do build on dev enviroment, I can't install ELK on prod... after moving I just edit network stuff and should work, but it don't as ELK hardcode IPs etc :frowning:

Apologies but it’s not clear from you comment what your problem is. Please don’t hijack other topics, open a new one and explain in detail what your issue is. We will do our best to help you out

Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate"

Elastic Stack Elasticsearch

Topic		Replies	Views
Needed explanation for keystore's PrivateKey entries Elasticsearch elastic-stack-security	7	232	August 6, 2025
Create enrollment for kibana impossible with certificate Lets Encript Elasticsearch elastic-stack-security	4	1395	November 24, 2022
Creating an enrollment token in Elastic fails due to PrivateKey error Elasticsearch elastic-stack-security	5	2277	September 19, 2022
Cant create enrollment token with own certificates Elasticsearch elastic-stack-security	2	1492	July 30, 2022
Import CA Cert as PrivateKeyEntry to HTTP Keystore - Solve Unable to create enrollment token Error Elasticsearch elastic-stack-security	4	11889	October 5, 2022

Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate"

Related topics