Kibana Plugin ignoring elasticsearch.ssl.certificateAuthorities


(Grahame Murray) #1

I’m using [email protected] with a private (and yes, self-signed) Certificate Authority and have elasticsearch.ssl.certificateAuthorities pointing at the CA cert. Kibana properly uses this setting but RoR seems not to. When I attempt to login I get the message:
Could not login: Client request error: self signed certificate in certificate chain

If I set elasticsearch.ssl.verificationMode to none I can login but then get the same error on the RoR app page as a top of screen red error:
Elasticsearch error: {"data":{"statusCode":502,"error":"Bad Gateway","message":"self signed certificate in certificate chain"},"status":502,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"url":"/api/readonlyrest_kbn/settings","headers":{"Accept":"application/json, text/plain, /","kbn-version":"5.5.0"}},"statusText":"Bad Gateway"}

Kibana without the RoR plugin installed handles full verification against my ES as configured, and I can confirm that ElasticSearch is returning the correct certs using openssl s_client -CAfile myca.crt myelkhost:9200

From my quick read through the Node files it seems RoR simply isn’t honoring the CA.


(Grahame Murray) #2

Also, the verificationMode should be honored by (what I presume is) your backend/handler at /app/readonlyrest_kbn/


(Simone Scarduzio) #3

Hey @gusnuf I sent you a build privately via email, I hope it helps :slight_smile: