Unable to retrieve version information from Elasticsearch nodes. unable to verify the first certificate

Hi dear fellow elkers! I having the issue of Unable to retrieve version information from Elasticsearch nodes. unable to verify the first certificate. The server also gets stuck on Kibana server is not ready yet.

I am following the official process and minimal and basic security show no issues. But when i get to Encrypt traffic between Kibana and Elasticsearch it does not work. I chose to use CSR instead for the /usr/share/elasticsearch/bin/elasticsearch-certutil ca.

When I do elasticsearch.ssl.verificationMode: none it works but when commented out it fails. When i use curl it works, when provided a different file it fails.

Output of curl:

root@ip-10-0-0-39:/etc/kibana# curl -X GET "https://kibana.delicatehug.com:9200" --cacert certificate.pem -u kibana_system:IIklIRxz8bTAZKTKQnC1
{
  "name" : "node-1",
  "cluster_name" : "my-cluster",
  "cluster_uuid" : "M_aoZkBCS2KRsXz_yyXsKw",
  "version" : {
    "number" : "7.17.28",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "139cb5a961d8de68b8e02c45cc47f5289a3623af",
    "build_date" : "2025-02-20T09:05:31.349013687Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.3",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

However it fails from Kibana.

Hi @Dylan_Smart Welcome to the community.

3 things

can you run that curl with -v option.

Share your kibana.yml with the SSL enabled

Share the log messages from Kibana

This was fixed, I failed to set up the proper certificates, user error