DEV Community

Judy Page
Judy Page

Posted on

How to Configure SSL Certificate for Kibana in Windows

#kibana #ssl #sslcertificate

Image description

Setting up SSL for Kibana is important because it secures communication between the server and clients.

In this article, we will show you how to enable SSL for Kibana. We will also explain how to configure it to work with Elasticsearch when SSL is enabled.

Kibana, a powerful visualization tool designed for Elasticsearch, supports SSL/TLS configuration to protect data exchanges between the client and server.

Setting up SSL for Kibana on a Windows system involves creating or getting SSL certificates, updating the Kibana configuration file, and verifying the setup. This guide will help you complete the process.

Prerequisites Required :

Kibana Installed on Windows:Ensure Kibana is installed on your Windows machine. You can download it from the official Kibana downloads page.

Java Keytool or OpenSSL: These tools help generate or convert certificates if required.

SSL/TLS Certificates:
Self-signed certificates (suitable for testing).

Certificates from a trusted Certificate Authority (CA) for production.

## Installation Steps of SSL For Kibana in Windows

1. Enable SSL for Kibana
To start, you have to first configure the kibana.yml file to enable SSL. Add the following settings:

server.ssl.enabled: true
server.ssl.certificate: <path to your certificate> # Example: signed.cer
server.ssl.key: <path to your keystore> # Example: mykeystore.key
Enter fullscreen mode Exit fullscreen mode

2. Configuring Elasticsearch SSL (If Enabled)
If SSL is enabled for Elasticsearch, extra modifications are required in the kibana.yml file:

elasticsearch.ssl.certificateAuthorities: <path to CA certificate>
Enter fullscreen mode Exit fullscreen mode

Note: Place the keystore and certificate files in the default bin folder or specify their paths in the kibana.yml file.

3. Import the Trusted Root Certificate
Get the trusted root certificate from your Certificate Authority (CA) and store it locally. For instance, store it to D:\ca\cacert.cer.

Import this root certificate into the keystore using the keytool utility:

JAVA_HOME\bin>keytool -importcert -keystore KIBANA_HOME/bin/mykeystore.jks -file D:\ca\cacert.cer -alias my_ca
Enter fullscreen mode Exit fullscreen mode

4. Generate a Keystore and Private Key
To set up a keystore and generate a private key, execute the following command:

keytool -genkey -alias alias1 -keystore KIBANA_HOME/bin/mykeystore.jks -keyalg RSA -keysize 2048 -validity 712
Enter fullscreen mode Exit fullscreen mode

5. Create a Certificate Signing Request (CSR)
Generate a Certificate Signing Request (CSR) using the command:

keytool -certreq -alias alias1 -keystore KIBANA_HOME/bin/mykeystore.jks -file D:\ca\mycsr.csr -keyalg rsa
Enter fullscreen mode Exit fullscreen mode

This will create a CSR that you can send to the CA to obtain a signed certificate.

6. Obtain and Import the Signed Certificate
Submit the CSR to your CA to get a signed certificate.
Save the signed certificate locally (e.g., D:\ca\signed.cer).
Import the certificate into your keystore:

keytool -importcert -keystore KIBANA_HOME/bin/mykeystore.jks -file D:\ca\signed.cer -alias alias1
Enter fullscreen mode Exit fullscreen mode

7. Convert the Keystore to PEM Format
Kibana does not accept the.jks format, thus change the keystore to PEM format:

Convert .jks to .p12:

keytool -importkeystore -srckeystore KIBANA_HOME/bin/mykeystore.jks -destkeystore KIBANA_HOME/bin/mykeystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter fullscreen mode Exit fullscreen mode
  1. Transfer mykeystore.p12 to the Linux machine and execute: 
openssl pkcs12 -in mykeystore.p12 -out mykeystore.pem
Enter fullscreen mode Exit fullscreen mode

Alternatively, directly extract the PEM using:

keytool -list -rfc -keystore "mykeystore.jks" | sed -e "/-*BEGIN [A-Z]*-*/,/-*END [A-Z]*-*/!d" >> "myKeystore.pem"
Enter fullscreen mode Exit fullscreen mode

8. Extract the Key File
To generate the .key file, run the following command:

openssl rsa -in mykeystore.pem -out mykeystore.key
Enter fullscreen mode Exit fullscreen mode

9. Update kibana.yml with SSL Settings
Finally, configure the following in kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: /path/to/mykeystore.pem
server.ssl.key: /path/to/mykeystore.key
Enter fullscreen mode Exit fullscreen mode

Conclusion
By following these steps, you can verify that Kibana is safely configured to use SSL. This not only improves security but also adheres to industry best practices for data protection in transit.

Please leave a comment below if you need any additional information or troubleshooting tips. Happy securing!

This approach organizes the text as an organized guide, ensuring clarity and readability.

profile
Heroku
 Promoted

Heroku

Build apps, not infrastructure.

Dealing with servers, hardware, and infrastructure can take up your valuable time. Discover the benefits of Heroku, the PaaS of choice for developers since 2007.

Visit Site

Top comments (0)

profile
AWS
 Promoted

AWS GenAI LIVE image

Real challenges. Real solutions. Real talk.

From technical discussions to philosophical debates, AWS and AWS Partners examine the impact and evolution of gen AI.

Learn more

Read next

vipulkumarsviit profile image

Understanding SSL and Its Importance

Vipul Kumar -

roseahmed profile image

Deploy Vite-React Project in AWS EC2 using custom domain and free SSL Certificate.

Rose Ahmed -

sohail0992 profile image

Running Kibana, Elastic, and APM with Docker Compose

Muhammad Sohail -

solitrix02 profile image

Renew LetsEncrypt SSL Certificate in WordPress by Bitnami

Sanchit Bajaj -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay