XPack Kibana Monitoring will not accept certificateAuthority

We're setting up an Elastic cluster in version 6.0.0-rc1 with X-Pack security enabled.
kibana.yml looks like:
xpack.security.enabled: true
server.ssl.enabled: true
elasticsearch.url: "https://elasticsearch1.elkxpack.svc:9200"
server.ssl.certificate: config/certs/tls.crt
server.ssl.key: config/certs/tls.key
xpack.monitoring.ui.container.elasticsearch.enabled: true
server.ssl.certificateAuthorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"]
elasticsearch.ssl.certificateAuthorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"]

Curling Elasticsearch from Kibana with the CA works:
sh-4.2$ curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt -u kibana:changeme https://elasticsearch1.elkxpack.svc:9200
{
  "name" : "elasticsearch1",
  "cluster_name" : "elk",
  "cluster_uuid" : "L065EzgLTB2eMfgntPxYSw",
  "version" : {
    "number" : "6.0.0-rc1",
    "build_hash" : "b9c0df2",
    "build_date" : "2017-09-25T19:11:45.815Z",
    "build_snapshot" : false,
    "lucene_version" : "7.0.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

But Kibana monitoring will not accept the CA. That's what I found in the log:
{"type":"log","@timestamp":"2017-10-26T16:13:30Z","tags":["warning","elasticsearch","monitoring-ui"],"pid":1,"message":"Unable to revive connection: https://elasticsearch1.elkxpack.svc:9200/"}

Any ideas?

Does adding the following settings to kibana.yml resolve the issue?

- xpack.monitoring.elasticsearch.ssl.certificate
- xpack.monitoring.elasticsearch.ssl.key

The connection to Elasticsearch for the Monitoring app might not be inheriting these settings from server.ssl correctly.

Following up, I think I was able to reproduce your issue, and I got it to work by just adding the 1 setting for

xpack.monitoring.elasticsearch.ssl.certificateAuthorities

to the same value as

elasticsearch.ssl.certificateAuthorities

Seems like a bug - it should work automatically. I will file an issue.


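The workaround from this thread can be turned into a pre-deployment check. The following is an added example, not code from the thread or from Elastic: it reads a kibana.yml written with flat dotted keys (as in the question) and reports when the Monitoring CA setting is missing or differs from the main one. The function names are hypothetical, and it assumes monitoring data lives in the same cluster as `elasticsearch.url`.

```python
import json

# Constructed sample: an excerpt of the kibana.yml from the question.
SAMPLE = '''\
xpack.security.enabled: true
elasticsearch.url: "https://elasticsearch1.elkxpack.svc:9200"
elasticsearch.ssl.certificateAuthorities: ["/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"]
'''

MAIN_CA = "elasticsearch.ssl.certificateAuthorities"
MON_CA = "xpack.monitoring.elasticsearch.ssl.certificateAuthorities"

def parse_flat(text):
    """Parse 'dotted.key: value' lines. Assumption: no nested YAML, and
    inline lists use double quotes so they are also valid JSON."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        value = value.strip()
        settings[key.strip()] = json.loads(value) if value.startswith("[") else value.strip("\"'")
    return settings

def ca_paths(settings, key):
    """Return the CA paths for a key as a set (accepts a string or a list)."""
    value = settings.get(key, [])
    return set(value if isinstance(value, list) else [value])

def check_monitoring_ca(settings):
    """Return findings about the Monitoring connection's CA configuration."""
    findings = []
    if not str(settings.get("elasticsearch.url", "")).startswith("https://"):
        return findings  # plain HTTP: no CA is involved
    main, mon = ca_paths(settings, MAIN_CA), ca_paths(settings, MON_CA)
    if main and not mon:
        findings.append(f"{MON_CA} is not set; copy the value of {MAIN_CA}")
    elif main and mon != main:
        findings.append(f"{MON_CA} differs from {MAIN_CA}: {sorted(mon ^ main)}")
    return findings

if __name__ == "__main__":
    for finding in check_monitoring_ca(parse_flat(SAMPLE)):
        print("WARNING:", finding)
```

Running it against the configuration from the question reports the missing setting; once the Monitoring key is added with the same value, the check returns no findings.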