
I'm trying to configure xpack security for Elasticsearch and Kibana. I've activated the trial license for Elasticsearch, configured xpack for both Kibana and Elasticsearch, and generated ca.crt, node1-elk.crt and node1-elk.key, as well as kibana.key and kibana.crt. When I test with curl against Elasticsearch, using the kibana user and password together with ca.crt, it works like a charm. But when I try to access Kibana from the GUI, it says "Server is not ready yet", and the logs show "unable to verify the first certificate":

{"type":"log","@timestamp":"2021-11-16T04:41:09-05:00","tags":["error","savedobjects-service"],"pid":13250,"message":"Unable to retrieve version information from Elasticsearch nodes. unable to verify the first certificate"}

My configuration:

kibana.yml

# Kibana settings as posted in the question (excerpt of kibana.yml).
server.name: "my-kibana"
# 0.0.0.0 makes Kibana listen on every network interface of this machine.
server.host: "0.0.0.0"
# Outbound HTTPS connection from Kibana to Elasticsearch. 0.0.0.0 is a wildcard
# bind address, not a real destination.
# NOTE(review): presumably this resolves to the local node because both
# services run on one host; confirm, and prefer a name or IP that appears in
# the node certificate.
elasticsearch.hosts: ["https://0.0.0.0:9200"]
# server.ssl.* configures TLS on Kibana's own listener (browser -> Kibana).
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
# CAs trusted for inbound connections to Kibana. This list is not consulted
# when Kibana connects out to Elasticsearch.
# NOTE(review): no elasticsearch.ssl.certificateAuthorities entry appears in
# this excerpt, so Kibana is not told to trust the private CA that signed the
# Elasticsearch certificate. That is consistent with the logged
# "unable to verify the first certificate".
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
# Service account Kibana uses to authenticate to Elasticsearch.
elasticsearch.username: "kibana_system"
# Plaintext, easily guessed password stored in the config file; consider the
# Kibana keystore and a stronger secret.
elasticsearch.password: "kibana"

elasticsearch.yml

# Elasticsearch settings as posted in the question (excerpt of elasticsearch.yml).
node.name: node1
# 0.0.0.0 binds the node to every network interface, so the REST API is
# reachable from any network that can route to this host.
network.host: 0.0.0.0
discovery.seed_hosts: [ "0.0.0.0" ]
# Refers to the node.name set above.
cluster.initial_master_nodes: ["node1"]
# Turns on authentication and authorization.
xpack.security.enabled: true
# TLS for the HTTP (REST) layer, which the posted curl commands reach on port 9200.
xpack.security.http.ssl.enabled: true
# TLS for node-to-node transport traffic.
xpack.security.transport.ssl.enabled: true
# NOTE(review): the question text lists node1-elk.crt / node1-elk.key as the
# generated files, while node1.crt / node1.key are referenced here; confirm
# these paths point at the intended key pair.
xpack.security.http.ssl.key: /etc/elasticsearch/certs/node1.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/node1.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
# The transport layer reuses the same key, certificate and CA as the HTTP layer.
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/node1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/node1.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]

curl testing:

[root@localhost kibana]#  curl -XGET https://0.0.0.0:9200/_cat/nodes?v -u kibana_system:kibana  --cacert /etc/elasticsearch/certs/ca.crt
ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
192.168.100.102           23          97   3    0.00    0.02     0.08 cdfhilmrstw *      node1

I don't know what else to do here:

[root@localhost kibana]#  curl -XGET https://0.0.0.0:9200/_license -u kibana_system:kibana  --cacert /etc/elasticsearch/certs/ca.crt
{
  "license" : {
    "status" : "active",
    "uid" : "872f0ad0-723e-43c8-b346-f43e2707d3de",
    "type" : "trial",
    "issue_date" : "2021-11-08T18:26:15.422Z",
    "issue_date_in_millis" : 1636395975422,
    "expiry_date" : "2021-12-08T18:26:15.422Z",
    "expiry_date_in_millis" : 1638987975422,
    "max_nodes" : 1000,
    "issued_to" : "elasticsearch",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

Thank you for your help

1 Answer

elasticsearch.ssl.certificateAuthorities: $KBN_PATH_CONF/elasticsearch-ca.pem 

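Add the line above to kibana.yml, pointing it at the CA certificate that signed the Elasticsearch node certificate (the same ca.crt that works with curl --cacert). Kibana does not use server.ssl.certificateAuthorities when it connects to Elasticsearch; that setting only covers Kibana's own HTTPS listener. Also set the Elasticsearch host to a name or IP address that appears in the node certificate, because Kibana verifies the hostname by default: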

elasticsearch.hosts: https://<your_elasticsearch_host>:9200