Kibana SSL connection to elasticsearch

Security
1

Hey there,
I have a trouble with configuring kibana to connect based on tls config with elastic search

ive made elastic.keystore and elastic.truststore ( with client cert) and config elastic with these files. and after that create client.keystore and client.truststore( with elastic cert).

i wanna connect kibana to elastic with these files and config ssl ,

how can i do this?

this is my kibana config:

Description:

Default Kibana configuration from kibana-docker.

server.name: kibana
server.host: “0”
elasticsearch.hosts: https://localhost:9200
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificate: “/usr/share/kibana/config/elastic.truststore”
elasticsearch.ssl.key: “/usr/share/kibana/config/client.keystore”

elasticsearch.ssl.keystore.path: “/usr/share/kibana/config/elastic.keystore”

elasticsearch.ssl.keystore.password: “123456”

elasticsearch.ssl.truststore.path: “/usr/share/kibana/config/client.keystore”

elasticsearch.ssl.truststore.password: “123456”

elasticsearch.username: admin
elasticsearch.password: admin
elasticsearch.requestHeadersWhitelist: [“securitytenant”,“Authorization”]

opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: [“Private”, “Global”]
opendistro_security.readonly_mode.roles: [“kibana_read_only”]

newsfeed.enabled: false
telemetry.optIn: false
telemetry.enabled: false

and this is my elastic config:

cluster.name: “docker-cluster”
network.host: 0.0.0.0

#opendistro_security.disabled: true

######## Start OpenDistro for Elasticsearch Security Configuration ########
opendistro_security.ssl.transport.keystore_filepath: elastic.keystore
opendistro_security.ssl.transport.keystore_type: PKCS12
opendistro_security.ssl.transport.keystore_alias: elasticserver
opendistro_security.ssl.transport.keystore_password: 123456

opendistro_security.ssl.transport.truststore_filepath: elastic.truststore
opendistro_security.ssl.transport.truststore_type: PKCS12
opendistro_security.ssl.transport.truststore_alias: elasticclient
opendistro_security.ssl.transport.truststore_password: 123456

opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true

opendistro_security.ssl.http.keystore_filepath: elastic.keystore
opendistro_security.ssl.http.keystore_type: PKCS12
opendistro_security.ssl.http.keystore_alias: elasticserver
opendistro_security.ssl.http.keystore_password: “123456”

opendistro_security.ssl.http.truststore_filepath: elastic.truststore
opendistro_security.ssl.http.truststore_type: PKCS12
opendistro_security.ssl.http.truststore_alias: elasticclient
opendistro_security.ssl.http.truststore_password: 123456
opendistro_security.ssl.http.clientauth_mode: REQUIRE
opendistro_security.ssl.http.enable_openssl_if_available: false

opendistro_security.allow_unsafe_democertificates: false

opendistro_security.allow_default_init_securityindex: true

opendistro_security.authcz.admin_dn:

  • ‘CN=Elastic Server,O=ISC, C=IR’
  • ‘CN=Elastic Client,O=ISC,C=IR’
    opendistro_security.nodes_dn:
  • ‘CN=Elastic Server,O=ISC,C=IR’
    opendistro_security.audit.type: internal_elasticsearch
    opendistro_security.enable_snapshot_restore_privilege: true
    opendistro_security.check_snapshot_restore_write_privileges: true
    opendistro_security.restapi.roles_enabled: [“all_access”, “security_rest_api_access”]
    cluster.routing.allocation.disk.threshold_enabled: false
    discovery.zen.minimum_master_nodes: 1
    node.max_local_storage_nodes: 3
    ######## End OpenDistro for Elasticsearch Security Demo Configuration ########
2

Hi @rezar00 did you manage to get this resolved? If not can you confirm if the above config is all one file or separate kibana.yml and elasticsearch.yml files?