{"id":8893,"date":"2021-05-13T23:59:09","date_gmt":"2021-05-13T20:59:09","guid":{"rendered":"https:\/\/kifarunix.com\/?p=8893"},"modified":"2024-03-18T22:28:40","modified_gmt":"2024-03-18T19:28:40","slug":"enable-kibana-https-connection","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/enable-kibana-https-connection\/","title":{"rendered":"Quick Way to Enable Kibana HTTPS Connection"},"content":{"rendered":"\n
In this tutorial, you will learn how to enable Kibana HTTPS connection. HTTPS connections ensure that data is encrypted in transit.<\/p>\n\n\n\n
Kibana supports only the TLS encryption protocol. With TLS, X.509 certificates are used to encrypt data in transit. This kind of encryption is asymmetric because each certificate contains a public key and a private key, which are used for cryptographic operations. Kibana supports certificates and private keys in PEM or PKCS#12 format.<\/p>\n\n\n\n
Of course, you need to have ELK or Kibana running to enable HTTPS.<\/p>\n\n\n\n
However, if you don’t already have an ELK stack, you can use the guides in the links below:<\/p>\n\n\n\n
Install ELK Stack on Ubuntu 20.04<\/a><\/p>\n\n\n\n
Installing ELK Stack on CentOS 8<\/a><\/p>\n\n\n\n
Once you have Kibana\/ELK installed, you can proceed to enable TLS\/SSL on Kibana so that traffic between the browser and Kibana is encrypted.<\/p>\n\n\n\n
Enabling Kibana HTTPS connection<\/h3>\n\n\n\n
Obtain TLS Certificates and Private Key<\/h4>\n\n\n\n
You can obtain commercially trusted certificates and keys from a public CA of your preference.<\/p>\n\n\n\n
Similarly, you can use self-signed certificates for your non-public facing Kibana.<\/p>\n\n\n\n
If you opt to use self-signed certificates, there are two options: you can generate the TLS certs and key using either OpenSSL or elasticsearch-certutil.<\/p>\n\n\n\n
Generate Kibana Self Signed TLS Certs and Key using OpenSSL<\/h4>\n\n\n\n
To generate Kibana self-signed TLS certs and key using openssl<\/code><\/strong>, run the commands below. Be sure to replace the respective details in your certificate<\/strong>.<\/p>\n\n\n\n
mkdir \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
openssl genrsa -out \/etc\/ssl\/kibana\/kibana-key.key 2048<\/code><\/pre>\n\n\n\n
openssl req -new -x509 -sha512 -key \/etc\/ssl\/kibana\/kibana-key.key -out \/etc\/ssl\/kibana\/kibana-ca.crt -subj \"\/C=US\/ST=Utah\/L=Lehi\/O=Kifarunix-demo\/OU=IT\/CN=*.kifarunix-demo.com\"<\/code><\/pre>\n\n\n\n
openssl req -new -key \/etc\/ssl\/kibana\/kibana-key.key -out \/etc\/ssl\/kibana\/kibana-ca.csr -subj \"\/C=US\/ST=Utah\/L=Lehi\/O=Kifarunix-demo\/OU=IT\/CN=*.kifarunix-demo.com\"<\/code><\/pre>\n\n\n\n
openssl x509 -req -in \/etc\/ssl\/kibana\/kibana-ca.csr -CA \/etc\/ssl\/kibana\/kibana-ca.crt -CAkey \/etc\/ssl\/kibana\/kibana-key.key -CAcreateserial -sha512 -out \/etc\/ssl\/kibana\/kibana-cert.crt -days 3650<\/code><\/pre>\n\n\n\n
Set Kibana as the owner of the TLS certs and key:<\/p>\n\n\n\n
chown -R kibana: \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
Generate Kibana Self Signed TLS Certs using elasticsearch-certutil<\/h4>\n\n\n\n
If you don’t want to use OpenSSL to generate your Kibana TLS certs and key, you can use the elasticsearch-certutil<\/code><\/strong> tool as follows.<\/p>\n\n\n\n
Create a directory to store the cert files:<\/p>\n\n\n\n
mkdir \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
Generate the certs:<\/p>\n\n\n\n
\/usr\/share\/elasticsearch\/bin\/elasticsearch-certutil cert -name kibana-certs -dns localhost,*.kifarunix-demo.com -s<\/code><\/pre>\n\n\n\n
The command generates a PKCS#12 file with the name you provided on the command line. However, it will prompt you to confirm the output file name and to enter a password for the file.<\/p>\n\n\n\n
Sample output. For each prompt, press ENTER to accept the default name or a blank password, or provide the name or password and press ENTER.<\/p>\n\n\n\n
Please enter the desired output file [kibana-certs.p12]:\nEnter password for kibana-certs.p12 :<\/code><\/pre>\n\n\n\n
This places the cert file in \/usr\/share\/elasticsearch\/<\/strong><\/code> with the name kibana-certs.p12<\/strong>.<\/p>\n\n\n\n
You can copy it to the directory created for the certs above:<\/p>\n\n\n\n
cp \/usr\/share\/elasticsearch\/kibana-certs.p12 \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
Ensure the Kibana<\/strong> user owns this file.<\/p>\n\n\n\n
chown -R kibana: \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
Enabling Kibana HTTPS Connection<\/h4>\n\n\n\n
Install TLS Certs in PEM format in Kibana<\/h5>\n\n\n\n
If you generated your certificates and keys using OpenSSL<\/strong>, open the Kibana configuration file, \/etc\/kibana\/kibana.yml<\/code><\/strong>, for editing and uncomment the lines:<\/p>\n\n\n\n
...\n#server.ssl.enabled: false\n#server.ssl.certificate: \/path\/to\/your\/server.crt\n#server.ssl.key: \/path\/to\/your\/server.key\n...\n#elasticsearch.ssl.certificateAuthorities: [ \"\/path\/to\/your\/CA.pem\" ]\n...<\/code><\/pre>\n\n\n\n
Then update the paths to the generated certificate and key.<\/p>\n\n\n\n
vim \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n
So that the lines look like:<\/p>\n\n\n\n
...\nserver.ssl.enabled: true\nserver.ssl.certificate: \/etc\/ssl\/kibana\/kibana-cert.crt\nserver.ssl.key: \/etc\/ssl\/kibana\/kibana-key.key\n...\n# Optional\nserver.ssl.certificateAuthorities: \/etc\/ssl\/kibana\/kibana-ca.crt\n...<\/code><\/pre>\n\n\n\n
Install TLS Certs in PKCS#12 format in Kibana<\/h5>\n\n\n\n
If you generated your certificates and keys using elasticsearch-certutil<\/code><\/strong>, open the Kibana configuration file, \/etc\/kibana\/kibana.yml<\/code><\/strong>, for editing, uncomment the line #server.ssl.enabled: false<\/strong> and change the value to true<\/strong>.<\/p>\n\n\n\n
Also add the line server.ssl.keystore.path: \"\/path\/to\/p12\/file\"<\/code><\/strong><\/p>\n\n\n\n
Simply run the command below:<\/p>\n\n\n\n
echo -e 'server.ssl.enabled: true\\nserver.ssl.keystore.path: \"\/etc\/ssl\/kibana\/kibana-certs.p12\"' >> \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n
If your certificate file is encrypted with a password, add the decryption password to your Kibana keystore by running the command below:<\/p>\n\n\n\n
\/usr\/share\/kibana\/bin\/kibana-keystore add server.ssl.keystore.password<\/code><\/pre>\n\n\n\n
If you used an empty password, enter the line server.ssl.keystore.password: \"\"<\/code><\/strong> in kibana.yml<\/strong>.<\/p>\n\n\n\n
echo 'server.ssl.keystore.password: \"\"' >> \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n
Otherwise, you might encounter an error such as Error: PKCS#12 MAC could not be verified. Invalid password<\/code><\/strong>.<\/p>\n\n\n\n
Generate PEM Files from PKCS cert files<\/h4>\n\n\n\n
If you generated the PKCS#12 file, you can generate the PEM files from it as follows:<\/p>\n\n\n\n
openssl pkcs12 -in \/etc\/ssl\/kibana\/kibana-certs.p12 -nodes -nokeys -cacerts -out \/etc\/ssl\/kibana\/kibana-ca.crt<\/code><\/pre>\n\n\n\n
openssl pkcs12 -in \/etc\/ssl\/kibana\/kibana-certs.p12 -out \/etc\/ssl\/kibana\/kibana-cert.crt -nokeys<\/code><\/pre>\n\n\n\n
openssl pkcs12 -in \/etc\/ssl\/kibana\/kibana-certs.p12 -out \/etc\/ssl\/kibana\/kibana-key.key -nodes -nocerts<\/code><\/pre>\n\n\n\n
Once you have them in PEM format, change their ownership to the kibana user; you can then install them as shown above:<\/p>\n\n\n\n
chown -R kibana: \/etc\/ssl\/kibana<\/code><\/pre>\n\n\n\n
Restart Kibana Service<\/h4>\n\n\n\n
systemctl restart kibana<\/code><\/pre>\n\n\n\n
Check the logs to ensure Kibana is working fine.<\/p>\n\n\n\n
Verify Kibana HTTPS configuration<\/h3>\n\n\n\n
curl -sk -vvv \"https:\/\/elk.kifarunix-demo.com:5601\" --capath \/etc\/ssl\/kibana\/ 2>&1 | awk 'BEGIN { cert=0 } \/^* Server certificate:\/ { cert=1 } \/^*\/ { if (cert) print }'<\/code><\/pre>\n\n\n\n
* Server certificate:\n* subject: C=US; ST=Utah; L=Lehi; O=Kifarunix-demo; OU=IT; CN=*.kifarunix-demo.com\n* start date: May 25 18:52:15 2021 GMT\n* expire date: May 23 18:52:15 2031 GMT\n* issuer: C=US; ST=Utah; L=Lehi; O=Kifarunix-demo; OU=IT; CN=*.kifarunix-demo.com\n* SSL certificate verify result: self signed certificate (18), continuing anyway.\n* Connection #0 to host elk.kifarunix-demo.com left intact<\/code><\/pre>\n\n\n\n
In the browser, you can navigate to https:\/\/<server-hostname>:5601<\/strong><\/p>\n\n\n\n
When prompted, accept the self-signed SSL warning and proceed.<\/p>\n\n\n\n
And that concludes our guide on how to enable HTTPS connection.<\/p>\n\n\n\n
Reference<\/h4>\n\n\n\n
Configure Kibana to enable TLS<\/a><\/p>\n\n\n\n
Other Tutorials<\/h4>\n\n\n\n
Integrate Wazuh Manager with ELK Stack<\/a><\/p>\n\n\n\n
Configure ELK Stack Alerting with ElastAlert<\/a><\/p>\n\n\n\n