XPack Kibana Monitoring will not accept certificateAuthority

das-chick · November 3, 2017, 8:04am

We're setting up a Elasticcluster in Version 6.0.0-rc1 with xpack security enabled.
kibana.yml looks like:
xpack.security.enabled: true
server.ssl.enabled: true
elasticsearch.url: "https://elasticsearch1.elkxpack.svc:9200"
server.ssl.certificate: config/certs/tls.crt
server.ssl.key: config/certs/tls.key
xpack.monitoring.ui.container.elasticsearch.enabled: true
server.ssl.certificateAuthorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"]
elasticsearch.ssl.certificateAuthorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"]

curling elasticsearch from kibana with the ca works:
sh-4.2$ curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt -u kibana:changeme https://elasticsearch1.elkxpack.svc:9200
{
"name" : "elasticsearch1",
"cluster_name" : "elk",
"cluster_uuid" : "L065EzgLTB2eMfgntPxYSw",
"version" : {
"number" : "6.0.0-rc1",
"build_hash" : "b9c0df2",
"build_date" : "2017-09-25T19:11:45.815Z",
"build_snapshot" : false,
"lucene_version" : "7.0.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

But kibana monitoring will not accept the ca. thats what i found in the log
{"type":"log","@timestamp":"2017-10-26T16:13:30Z","tags":["warning","elasticsearch","monitoring-ui"],"pid":1,"message":"Unable to revive connection: https://elasticsearch1.elkxpack.svc:9200/"}

any ideas?

tsullivan · November 10, 2017, 4:56pm

Does adding the following settings to kibana.yml resolve the issue?

- xpack.monitoring.elasticsearch.ssl.certificate
- xpack.monitoring.elasticsearch.ssl.key

The connection to Elasticsearch for the Monitoring app might not be inheriting these settings from server.ssl correctly.

tsullivan · November 10, 2017, 5:25pm

Following up, I think I was able to reproduce your issue, and I got it to work by just adding the 1 setting for

xpack.monitoring.elasticsearch.ssl.certificateAuthorities

to the same value as

elasticsearch.ssl.certificateAuthorities

Seems like a bug - it should work automatically. I will file an issue.

system · December 8, 2017, 5:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Access denied while opening Stack-Monitoring on Kibana 7.8 Kibana elastic-stack-monitoring , elastic-stack-security	8	1545	August 3, 2020
Kibana can't startup successfully after enable ssl and xpack in elasticsearch6.7.1 Kibana elastic-stack-security	6	1061	May 20, 2019
Setting up Xpack security - stuck Elasticsearch elastic-stack-security	2	474	April 14, 2020
Kibana cannot connect to elastichsearch in https, xpack enabled Kibana	2	501	November 15, 2021
How to Reconfigure the setup-password for the elastic cluster, as we are getting the authentication error for all the users Elasticsearch elastic-stack-security	2	275	January 18, 2021

XPack Kibana Monitoring will not accept certificateAuthority

Related topics