Use a password protected elasticsearch-ca.pem inside kibana.kml

To make communications between Kibana and Elasticsearch be encrypted , I can use one of the followings:

elasticsearch.ssl.certificateAuthorities: /etc/kibana/elasticsearch-ca.pem

elasticsearch.ssl.key.path: /etc/kibana/elasticsearch-ca.pem

But I have a .pem file which is password protected. But I couldn't find the suitable code/syntax . I tried many things like this but Kibana log nothings on start up, means that the lines bellow are unknown commands:

elasticsearch.ssl.certificateAuthorities.password:"myPass"
elasticsearch.ssl.key.password: "myPass"

What can I do to use a password protected .pem file inside kibana.kml?

Those two configurations are very different.

The certificateAuthorities setting indicates which certificate authorities should be trusted when verifying the identity of the ES server.
The key setting provides private key for TLS client authentication.

Only PEM private keys can be encrypted. It is not possible to have an encrypted certificate (authority). Do you have a private key or a certificate?

This is how I created my .pem to be used in Kibana.kml. The first two lines are used to generate a CA and generate a certificate and private key for your node

./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
openssl pkcs12 -in elastic-certificates.p12 -cacerts -nokeys -out elasticsearch-ca.pem -passout pass:123456

This will produce a PEM-formatted file named elasticsearch-ca.pem that contains all CA certificates from the PKCS#12 file.

Now I have a .pem file password protected (in documents it has no password). I use this in kibana and also use a copy of it in my.Net core app to be connected securely.

I can add a password to Nest in my app but cant add pass in kibana.kml
Refrence: https://www.elastic.co/guide/en/kibana/master/configuring-tls.html

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.