Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://kibana.demo.net:5601/api/status fails: fail to execute the HTTP GET request: Get "https://kibana.demo.net:5601/api/status": x509: certificate signed by unkn

Hi there,

I run the following command and always get an error message.

sudo filebeat setup -E output.logstash.enabled=false -E output.elasticsearch.hosts=['https://elastic.demo.net:9200'] -E setup.kibana.host=https://kibana.demo.net:5601

Error message:

Overwriting ILM policy is disabled. Set `setup.ilm.overwrite: true` for enabling.

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://kibana.demo.net:5601/api/status fails: fail to execute the HTTP GET request: Get "https://kibana.demo.net:5601/api/status": x509: certificate signed by unknown authority (status=0). Response:

Elasticsearch, Kibana and Filebeat are running on same machine.
Previously, I generated self-signed certificates for Elasticsearch, Kibana and Filebeat using this command:

./elasticsearch-certutil cert --out /etc/filebeat/certs/filebeat.zip --name filebeat --ca-cert /etc/elasticsearch/certs/ca/ca.crt --ca-key /etc/elasticsearch/certs/ca/ca.key --dns filebeat.demo.net --pem

root@parallels-ubuntu:/usr/share/filebeat/bin# ./filebeat test output -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat/ --path.data /var/lib/filebeat
elasticsearch: https://elastic.demo.net:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 8.10.4
root@parallels-ubuntu:/usr/share/filebeat/bin# ./filebeat test config -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat/ --path.data /var/lib/filebeat
Config OK
root@parallels-ubuntu:/usr/share/filebeat/bin# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu-linux-22-04-desktop
127.0.0.1 elastic.demo.net
127.0.0.1 kibana.demo.net
127.0.0.1 filebeat.demo.net

elasticsearch.yml

cluster.name: my-application
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: elastic.demo.net
http.port: 9200


xpack.security.enabled: true

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  certificate: certs/elastic/elastic.crt
  key: certs/elastic/elastic.key
  certificate_authorities: certs/ca/ca.crt

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["parallels-ubuntu"]

http.host: 0.0.0.0

kibana.yml

server.port: 5601

server.host: "0.0.0.0"

server.publicBaseUrl: "https://kibana.demo.net"

server.ssl.enabled: true
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"] # copied from Elasticsearch directory
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key

elasticsearch.hosts: ["https://elastic.demo.net:9200"]

elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca.crt" ] # copied from Elasticsearch directory

elasticsearch.ssl.verificationMode: full

logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file

pid.file: /run/kibana/kibana.pid

filebeat.yml

filebeat.inputs:

- type: filestream

  id: my-filestream-id

  enabled: true

  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

  reload.period: 10s

setup.template.settings:
  index.number_of_shards: 1

setup.dashboards.enabled: false

setup.kibana:

  host: "https://kibana.demo.net:5601"

output.elasticsearch:
  hosts: ["elastic.demo.net:9200"]

  ssl.certificate_authorities: "/etc/filebeat/certs/ca.crt" # copied from Elasticsearch directory
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"

  protocol: "https"

  username: "elastic"
  password: "fdfdsfdsfdsfdfdsfda"

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

Elasticsearch and Kibana work well; I am able to log in.

{
  "name" : "parallels-ubuntu",
  "cluster_name" : "my-application",
  "cluster_uuid" : "r8N4Y-5vTMGtNvG7WNrXbg",
  "version" : {
    "number" : "8.10.4",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "b4a62ac808e886ff032700c391f45f1408b2538c",
    "build_date" : "2023-10-11T22:04:35.506990650Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Hi @whanklee

Since Kibana is on HTTPS, you need to set up the SSL settings for the Kibana setup section in your filebeat.yml, similar to the elasticsearch.output section.

See the bottom of this page

Yes, you are right.

It works after updating the Kibana section in filebeat.yml:

setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://kibana.demo.net:5601"
  ssl.enabled: true
  ssl.certificate_authorities: "/etc/filebeat/certs/ca.crt" 
  ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
  ssl.key: "/etc/filebeat/certs/filebeat.key"
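
The failure and the fix from this thread, reproduced with Go's `crypto/x509` (the library that produces Filebeat's error text), as an added example that is not code from the thread or from Filebeat. The CA and the `kibana.demo.net` certificate are constructed in memory, the helper names `issue`, `verify` and `demo` are hypothetical, and an empty root pool stands in for a client whose trust store lacks the private CA, which is the situation when `setup.kibana` has no `ssl.certificate_authorities`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed certificate for cn signed by parent (a self-signed CA if parent is nil).
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, DNSNames: []string{cn},
	}
	if parent == nil { // self-signed root, playing the role of ca.crt in the thread
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify builds a chain from the server certificate to a trusted root, as a Go TLS client does.
func verify(leaf *x509.Certificate, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "kibana.demo.net"})
	return err
}

// demo checks the same Kibana certificate against a pool without the CA and a pool with it.
func demo() (noCA, withCA error) {
	ca, caKey := issue("ca.demo.net", 1, nil, nil)
	kibana, _ := issue("kibana.demo.net", 2, ca, caKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // what ssl.certificate_authorities adds for the Kibana connection
	return verify(kibana, x509.NewCertPool()), verify(kibana, trusted)
}

func main() { fmt.Println(demo()) } // first value is the error without the CA, second with it
```

The Elasticsearch output test earlier in the thread passed because `output.elasticsearch` already listed the CA; the Kibana client settings are configured separately and needed the same entry.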
