Wazuh SSL Cert


Philip Jackson

May 20, 2022, 3:22:21 PM
to Wazuh mailing list
Hi, I switched to Wazuh Indexer and 4.3, but I can't see how to add my SSL cert to secure my Wazuh site.

Juan Carlos Tello

May 23, 2022, 7:24:58 AM
to Philip Jackson, Wazuh mailing list
Hi,
The procedure to configure a certificate for the Wazuh dashboard service is very similar to that of Kibana in the previous version.
You must place the certificate and key files in a folder that is readable by the wazuh-dashboard user and ensure the files themselves are readable by this user, so for example you may create the /etc/wazuh-dashboard/certs/ folder and place within it the key and certificate file.
Then the configuration file /etc/wazuh-dashboard/opensearch_dashboards.yml must point to these files in the server.ssl.key and server.ssl.certificate values.

The wazuh-dashboard service must be restarted for the new certificate to be used.

Don't hesitate to let us know if you have any more questions.
Best Regards,
Juan C. Tello

On Fri, May 20, 2022 at 9:22 PM Philip Jackson <pjack...@gmail.com> wrote:
Hi, I switched to Wazuh Indexer and 4.3, but I can't see how to add my SSL cert to secure my Wazuh site.


Chris Davis

Jul 12, 2022, 11:35:50 AM
to Wazuh mailing list
I tried this with certbot and it didn't work - wazuh seems unhappy with the letsencrypt certs.

Juan Carlos Tello

Jul 12, 2022, 12:05:02 PM
to Chris Davis, Wazuh mailing list
Hi Chris,
I've always been able to add Let's Encrypt certificates to Wazuh Indexer without issue.
        FQDN=MyDashboardFQDN.com
        # Request the certificate, then copy the key and full chain into a
        # directory that only root and the wazuh-dashboard group can read.
        yum -y install certbot && \
        certbot certonly --standalone -d "$FQDN" -n --agree-tos --email i...@nobody.com && \
        mkdir -p /etc/wazuh-dashboard/certs && \
        cp /etc/letsencrypt/live/"$FQDN"/privkey.pem /etc/letsencrypt/live/"$FQDN"/fullchain.pem /etc/wazuh-dashboard/certs/ && \
        chmod 750 /etc/wazuh-dashboard/certs && \
        chmod 640 /etc/wazuh-dashboard/certs/* && \
        chown -R root:wazuh-dashboard /etc/wazuh-dashboard/certs
Then modify /etc/wazuh-dashboard/opensearch_dashboards.yml to use
        server.ssl.key: /etc/wazuh-dashboard/certs/privkey.pem
        server.ssl.certificate: /etc/wazuh-dashboard/certs/fullchain.pem

If you're still facing issues please let us know how you configured your environment and which errors you're seeing so we can provide more help.
Note that I updated the instructions for your reply as we used to have Kibana by default and now we use Wazuh Dashboard. If you're using Kibana then follow these instructions instead: https://github.com/wazuh/wazuh/issues/7033#issuecomment-794477877

Best Regards,
Juan C. Tello
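
As an added example (not part of the original replies and not Wazuh project code), this shell script reads the two settings named above from opensearch_dashboards.yml and checks that each file exists, that the key and certificate have not been swapped, and that the private key is not accessible to all local users. The function names `yml_value` and `check_dashboard_tls` are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the files that
# server.ssl.key and server.ssl.certificate point to.

# Print the value of a "key: value" line, without quotes or trailing spaces.
yml_value() {  # usage: yml_value <file> <key>
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key_re}:[[:space:]]*//p" "$1" | head -n 1 |
    tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print one line per problem; return 0 only when nothing was found.
check_dashboard_tls() {  # usage: check_dashboard_tls <opensearch_dashboards.yml>
  problems=0
  key=$(yml_value "$1" server.ssl.key)
  cert=$(yml_value "$1" server.ssl.certificate)
  for item in "key:$key" "certificate:$cert"; do
    name=${item%%:*}; path=${item#*:}
    if [ -z "$path" ]; then
      echo "server.ssl.$name is not set"; problems=$((problems + 1))
    elif [ ! -f "$path" ]; then
      echo "server.ssl.$name: $path does not exist"; problems=$((problems + 1))
    fi
  done
  if [ -f "$key" ]; then
    # Catches a swapped pair: the key setting must point at a private key.
    if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key"; then
      echo "$key contains no PEM private key"; problems=$((problems + 1))
    fi
    # Last octal digit of the mode is the access granted to "other" users.
    case $(stat -c '%a' "$key") in
      *0) ;;
      *) echo "$key is accessible to all local users"; problems=$((problems + 1)) ;;
    esac
  fi
  if [ -f "$cert" ] && ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
    echo "$cert contains no PEM certificate"; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_dashboard_tls "$1"; fi
```

Run it as root with /etc/wazuh-dashboard/opensearch_dashboards.yml as the argument before restarting the wazuh-dashboard service; it prints nothing and exits 0 when the checks pass.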

Jose Pimentel

Jul 12, 2022, 7:53:30 PM
to Wazuh mailing list
Hi,

I did this, but wazuh-dashboard is showing "not ready" on the page. Do I need to do something in the indexer?

Thanks

Juan Carlos Tello

Jul 13, 2022, 3:32:04 AM
to Jose Pimentel, Wazuh mailing list
Hi Jose,

If Wazuh Dashboard is consistently showing "Wazuh dashboard server is not ready yet" then most likely the wazuh dashboard is working correctly but it is not able to reach the Wazuh indexer.

This is not expected when modifying the Wazuh Dashboard's certificate and may have been an issue prior to this change.

Verify that the wazuh-dashboard service is running and, if it isn't, start it: systemctl restart wazuh-indexer

If that fails then verify the logs to determine the cause of the issue by running either journalctl -u wazuh-indexer | grep -Pi 'error|exception' or grep -Pi 'error|exception' /var/log/wazuh-indexer/wazuh-cluster.log

Let us know if you have any more questions.
Best Regards,
Juan C. Tello

Jose Pimentel

Jul 13, 2022, 6:06:05 AM
to Juan Carlos Tello, Wazuh mailing list
Hi Juan

Thank you. Really, I rolled back to before the certificates and it works OK. I tried restarting the indexer and it is up, but it does not work with my new certs.

Juan Carlos Tello

Jul 13, 2022, 6:42:02 AM
to Jose Pimentel, Wazuh mailing list
Hi Jose,

I'll be happy to provide further assistance and to do so I will need more information.
Can you please share your /etc/wazuh-dashboard/opensearch_dashboards.yml configuration file to verify settings are correct.
Please also share the output of:
    •  journalctl -u wazuh-indexer | grep -Pi 'error|exception'
    •  grep -Pi 'error|exception' /var/log/wazuh-indexer/wazuh-cluster.log

You may also verify that Wazuh dashboard can correctly by using curl:
If you receive an "Unauthorized" response this means the certificate is correct; if there's a certificate error it means the certificate that wazuh-dashboard uses to communicate with the indexer is not valid (this certificate should not have been changed in the steps above).

Best regards,
Juan C. Tello