elasticsearch Kibana“中的错误;xpack=>;无法获取本地颁发者证书”;
我有一个带有ES和Kibana的单节点服务器。我把它们放在一个ELB后面,在一个域名下。 假设:-kibana.xyz.com和elasticsearch.xyz.com 我在elasticsearch中启用了http ssl,并将pem复制粘贴到kibana,但它不起作用。 在创建http ssl时,我键入了这两个域名来检查原因,但没有任何帮助将其留空或传递也没有区别 PFB elasticsearch.yml
elasticsearch Kibana“中的错误;xpack=>;无法获取本地颁发者证书”;,
elasticsearch,ssl,kibana,
elasticsearch,Ssl,Kibana,我有一个带有ES和Kibana的单节点服务器。我把它们放在一个ELB后面,在一个域名下。 假设:-kibana.xyz.com和elasticsearch.xyz.com 我在elasticsearch中启用了http ssl,并将pem复制粘贴到kibana,但它不起作用。 在创建http ssl时,我键入了这两个域名来检查原因,但没有任何帮助将其留空或传递也没有区别 PFB elasticsearch.yml cluster.name: my-application node.name: e
cluster.name: my-application
node.name: elk-01
network.host: x.x.x.x
discovery.seed_hosts: ["elk-01"]
cluster.initial_master_nodes: ["elk-01"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.authc:
anonymous:
roles: kibana_system
authz_exception: false
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/home/elasticsearch/log_services/elasticsearch-7.9.1/config/new_http.p12"
PFB基班纳yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://test-elasticsearch.xyz.com"]
elasticsearch.username: "elastic"
elasticsearch.password: "xxxx"
xpack.security.enabled: true
xpack.reporting.encryptionKey: "5HLw1U6ot9tU490VivE1rR9ymirksJLM"
xpack.encryptedSavedObjects.encryptionKey: "5HLw1U6ot9tU490VivE1rR9ymirksJLM"
elasticsearch.ssl.certificateAuthorities: "/home/elasticsearch/log_services/kibana-7.9.1-linux-x86_64/config/elasticsearch-new-ca.pem"
logging.dest: /home/elasticsearch/log_services/kibana7/logs/kibana.log
为了实现这一点,我完全遵循了以下链接
https://techexpert.tips/elasticsearch/elasticsearch-enable-tls-https/
https://www.elastic.co/guide/en/elasticsearch/reference/7.9/configuring-tls.html#node-certificates
https://www.elastic.co/guide/en/kibana/7.9/configuring-tls.html
我确信传输证书是好的,因为没有tls实现,它在这个dev env和prod中也能很好地工作。
我正在使用7.9.1版本的elastic、kibana和agent
PFB错误日志
{"type":"log","@timestamp":"2020-09-19T22:53:55Z","tags":["error","elasticsearch","monitoring"],"pid":5047,"message":"Request error, retrying\nGET https://test-elasticsearch.xyz.com/_xpack => unable to get local issuer certificate"}
{"type":"log","@timestamp":"2020-09-19T22:55:00Z","tags":["warning","elasticsearch","data"],"pid":5047,"message":"Unable to revive connection: https://test-elasticsearch.xyz.com/"}
{"type":"log","@timestamp":"2020-09-19T22:55:00Z","tags":["warning","elasti