I’m using readonlyrest_kbn@0.1.6-pre1 with a private (and yes, self-signed) Certificate Authority and have elasticsearch.ssl.certificateAuthorities pointing at the CA cert. Kibana properly uses this setting but RoR seems not to. When I attempt to login I get the message:
Could not login: Client request error: self signed certificate in certificate chain
If I set elasticsearch.ssl.verificationMode to none I can login but then get the same error on the RoR app page as a top of screen red error:
Elasticsearch error: {"data":{"statusCode":502,"error":"Bad Gateway","message":"self signed certificate in certificate chain"},"status":502,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"url":"/api/readonlyrest_kbn/settings","headers":{"Accept":"application/json, text/plain, /","kbn-version":"5.5.0"}},"statusText":"Bad Gateway"}
Kibana without the RoR plugin installed handles full verification against my ES as configured, and I can confirm that ElasticSearch is returning the correct certs using openssl s_client -CAfile myca.crt myelkhost:9200
From my quick read through the Node files it seems RoR simply isn’t honoring the CA.
