Enable TLS on Kibana:
- Create a certs subdirectory under the Kibana config folder.
- Copy the ca/ca.crt, the public certificate and the private key of the node to the config/certs directory, using the following command:
cp ../elk_ca/ca/ca.crt ../certs/my-kibana/* config/certs
The password of the
Edit the config/kibana.yml as follows:
server.name: "my-kibana" server.host: "kibana.local" server.ssl.enabled: true server.ssl.certificate: config/certs/my-kibana.crt server.ssl.key: config/certs/my-kibana.key elasticsearch.url: "https://node1.local:9200" elasticsearch.username: "kibana" elasticsearch.password: "TalendELK" elasticsearch.ssl.certificateAuthorities: [ "config/certs/ca.crt" ]
kibanauser must correspond to the password generated in Configuring Transport Layer Security (TLS/SSL) in Elasticsearch.
Run the following command to start Kibana:
Open a browser and navigate to
You should get an error that the certificate is not trusted. This is expected since neither the direct certificate nor the signing authority is trusted by the browser.
You can add or trust the newly created certificate authority to your operating system or your browser.