Configuring Transport Layer Security (TLS/SSL) in Kibana - 7.0

Talend Big Data Platform Installation Guide for Linux

EnrichVersion
7.0
EnrichProdName
Talend Big Data Platform
task
Installation and Upgrade
EnrichPlatform
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio

Procedure

  1. Enable TLS on Kibana:
    1. Create a certs subdirectory under the Kibana config folder.
    2. Copy the ca/ca.crt, the public certificate and the private key of the node to the config/certs directory, using the following command:
    cp ../elk_ca/ca/ca.crt ../certs/my-kibana/* config/certs
    1. Edit the config/kibana.yml as follows:
      server.name: "my-kibana"
      server.host: "kibana.local"
      server.ssl.enabled: true
      server.ssl.certificate: config/certs/my-kibana.crt
      server.ssl.key: config/certs/my-kibana.key
      elasticsearch.url: "https://node1.local:9200"
      elasticsearch.username: "kibana"
      elasticsearch.password: "TalendELK"
      elasticsearch.ssl.certificateAuthorities: [ "config/certs/ca.crt" ]
    The password of the kibana user must correspond to the password generated in Configuring Transport Layer Security (TLS/SSL) in Elasticsearch.
  2. Run the following command to start Kibana:
    bin/kibana
  3. Open a browser and navigate to https://kibana.local:5601.

Results

You should get an error that the certificate is not trusted. This is expected since neither the direct certificate nor the signing authority is trusted by the browser.

You can add or trust the newly created certificate authority to your operating system or your browser.