Unable to verify the first certificate

Hi all,

I hope you can help me with the below.

We are using a third party to sign our certificate, and I have followed the guide below.

Our infrastructure team have provided me with a P12 file, which seems to work fine when connected to ES and Kibana via the web browser. As you can see, I can access Kibana and ES via HTTPS.



However, for Kibana to work, I have to set the below option, which is not a good idea.
The reason is that when I disable this setting or set it to “certificate”, I get the error message “Unable to verify the first certificate”. This can also be seen when I try to make a Postman request to one of our Elasticsearch servers. So I have to disable SSL verification, similar to what I have to do for Kibana.

Kibana.YML

The CAChain contains the root and intermediate certificate. As we limit internet access in our VM estate we thought Kibana is trying to validate the certificate online however this issue remains after allowing the machine unrestricted internet access from our firewall.


Elasticsearch.yml – Node 1