Problem with SSL Deployment


Afika Fairuz

Aug 10, 2022, 5:09:47 AM
to Wazuh mailing list
Hi, I hope you are all doing well.
First, let me tell you that we installed Wazuh with Open Distro in 2021.
Then we migrated to Wazuh-Indexer, Wazuh-Server and Wazuh-Dashboard, and there are just some minor issues that we will ask about another time.

Our issue now is that we are trying to deploy a certificate to secure our communication in Wazuh (SSL). We tried to do as described in this thread:
https://groups.google.com/g/wazuh/c/1zxKhyaH490/m/lrtthyeoNAAJ
And yes, we applied an SSL certificate, but we can't access the Wazuh dashboard, as this message appears: "Wazuh dashboard server is not ready yet"

We tried to check the Wazuh dashboard status; it's running, but it says
"message":"[ConnectionError]: unable to verify the first certificate"

So we tried to find a solution and we found this thread
https://groups.google.com/g/wazuh/c/UVclFAxOJhI/m/kP7-210jAQAJ
and tried the solution using wazuh-certs-tool.sh
But now we cannot even start the Wazuh dashboard, with this error:

Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at readYaml (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/read_config.js:38:52)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.exports.getConfigFromFiles (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/read_config.js:63:22)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at exports.loadConfiguration (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/config_loader.js:44:38)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at module.exports (/usr/share/wazuh-dashboard/src/apm.js:60:15)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.<anonymous> (/usr/share/wazuh-dashboard/src/cli/dist.js:34:18)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Module._compile (internal/modules/cjs/loader.js:778:30)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Module.load (internal/modules/cjs/loader.js:653:32)
Aug 10 08:56:52 ubuntu systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Aug 10 08:56:52 ubuntu systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

What should we do to fix our mistake and make the certificates work?

Thank you in advance


Afika Fairuz

Aug 10, 2022, 5:11:34 AM
to Wazuh mailing list
Here is the complete Wazuh dashboard status:

 wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-08-10 08:56:52 UTC; 8min ago
    Process: 1115926 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 1115926 (code=exited, status=1/FAILURE)


Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at readYaml (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/read_config.js:38:52)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.exports.getConfigFromFiles (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/read_config.js:63:22)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at exports.loadConfiguration (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/config_loader.js:44:38)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at module.exports (/usr/share/wazuh-dashboard/src/apm.js:60:15)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.<anonymous> (/usr/share/wazuh-dashboard/src/cli/dist.js:34:18)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Module._compile (internal/modules/cjs/loader.js:778:30)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
Aug 10 08:56:52 ubuntu opensearch-dashboards[1115926]:     at Module.load (internal/modules/cjs/loader.js:653:32)
Aug 10 08:56:52 ubuntu systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Aug 10 08:56:52 ubuntu systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

Damian Nicastro

Aug 10, 2022, 8:41:07 AM
to Wazuh mailing list
Hello @afikagaming666:
I hope you are fine.
As you have mentioned, the recommended way to generate certificates is to use the "wazuh-certs-tool" script:
You can download it from the site above or use the one that is located in:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh
This will generate all the certificates and you have to replace all of them in:
[root@wazuh-server ~]# ls -l /etc/wazuh-indexer/certs/
total 20
-r--------. 1 wazuh-indexer wazuh-indexer 1708 Jun 24 17:28 admin-key.pem
-r--------. 1 wazuh-indexer wazuh-indexer 1107 Jun 24 17:28 admin.pem
-r--------. 1 wazuh-indexer wazuh-indexer 1184 Jun 24 17:28 root-ca.pem
-r--------. 1 wazuh-indexer wazuh-indexer 1704 Jun 24 17:28 wazuh-indexer-key.pem
-r--------. 1 wazuh-indexer wazuh-indexer 1229 Jun 24 17:28 wazuh-indexer.pem
[root@wazuh-server ~]# ls -l /etc/wazuh-dashboard/certs/
total 12
-r--------. 1 wazuh-dashboard wazuh-dashboard 1184 Jun 24 17:28 root-ca.pem
-r--------. 1 wazuh-dashboard wazuh-dashboard 1708 Jun 24 17:28 wazuh-dashboard-key.pem
-r--------. 1 wazuh-dashboard wazuh-dashboard 1233 Jun 24 17:28 wazuh-dashboard.pem
[root@wazuh-server ~]# ls -l /etc/filebeat/certs/
total 12
-r--------. 1 root root 1184 Jun 24 17:28 root-ca.pem
-r--------. 1 root root 1704 Jun 24 17:28 wazuh-server-key.pem
-r--------. 1 root root 1229 Jun 24 17:28 wazuh-server.pem


If you want to generate certificates one by one, for example with OpenSSL or using an existing root CA, please follow these steps for each certificate:
#Create a private key
openssl genrsa -out admin-key-temp.pem 2048

#Convert private key to PKCS#8 format
openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem

#Create a CSR that'll be signed by the CA
openssl req -new -key admin-key.pem -subj "/C=AR/ST=MZA/O=Wazuh/OU=Ops/CN=admin" -out admin.csr

#Sign the CSR
openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca.key -CAcreateserial -sha256 -out admin.pem -days 3650

#Remove unused files
rm -f admin-key-temp.pem admin.csr


Once you have all the new certificates in place, please try to start all the Wazuh services again.
If you only have problems starting the Wazuh dashboard, first check the permissions and ownership of the Wazuh dashboard certificates.
Then, check that they were issued by the corresponding root CA:
# openssl verify -CAfile /path/ca.pem /path/wazuh-dashboard.pem

Check the expiration date of the certificate:
# openssl x509 -enddate -noout -in /path/wazuh-dashboard.pem

Check the subject of the certificate:
# openssl x509 -in wazuh-dashboard.pem -noout -subject -issuer

If there is any problem with this certificate, you can generate a new one following the previous steps.
I hope this helps.
Thanks

Afika Fairuz

Aug 10, 2022, 10:17:55 AM
to Wazuh mailing list
Thank you for your reply

We have an existing SSL/TLS certificate from Sectigo in a bundle, and we have put it on the Wazuh host server.
Can that be implemented as the Wazuh certificate?

I've been trying to implement that SSL/TLS certificate using wazuh-certs-tool with this option:
# bash wazuh-certs-tool.sh -A /path/to/root-ca.pem /path/to/root-ca.key

and also restarted all the services, but now all services fail to start with the following error:

 wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-08-10 14:06:27 UTC; 8s ago
       Docs: https://documentation.wazuh.com
    Process: 36142 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
   Main PID: 36142 (code=exited, status=1/FAILURE)

Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169)
Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100)
Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.cli.Command.main(Command.java:101)
Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135)
Aug 10 14:06:27 etap systemd-entrypoint[36142]:         at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101)
Aug 10 14:06:27 etap systemd-entrypoint[36142]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Aug 10 14:06:27 etap systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Aug 10 14:06:27 etap systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Aug 10 14:06:27 etap systemd[1]: Failed to start Wazuh-indexer.

filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-08-10 14:04:32 UTC; 11min ago
       Docs: https://www.elastic.co/products/beats/filebeat
    Process: 35477 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
   Main PID: 35477 (code=exited, status=1/FAILURE)

Aug 10 14:04:32 etap systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
Aug 10 14:04:32 etap systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Aug 10 14:04:32 etap systemd[1]: filebeat.service: Start request repeated too quickly.
Aug 10 14:04:32 etap systemd[1]: filebeat.service: Failed with result 'exit-code'.
Aug 10 14:04:32 etap systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..

wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-08-10 10:05:15 UTC; 4h 11min ago
    Process: 909 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 909 (code=exited, status=1/FAILURE)

Aug 10 10:05:15 etap opensearch-dashboards[909]:     at readYaml (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/read_config.js:38:52)
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at Object.exports.getConfigFromFiles (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/utils/>
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at exports.loadConfiguration (/usr/share/wazuh-dashboard/node_modules/@osd/apm-config-loader/target/config_loader.>
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at module.exports (/usr/share/wazuh-dashboard/src/apm.js:60:15)
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at Object.<anonymous> (/usr/share/wazuh-dashboard/src/cli/dist.js:34:18)
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at Module._compile (internal/modules/cjs/loader.js:778:30)
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
Aug 10 10:05:15 etap opensearch-dashboards[909]:     at Module.load (internal/modules/cjs/loader.js:653:32)
Aug 10 10:05:15 etap systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Aug 10 10:05:15 etap systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

I think I'm doing it really wrong

Afika Fairuz

Aug 10, 2022, 11:11:23 AM
to Wazuh mailing list
I've rolled back all changes and the system is running now.

But back to the point: how do we use the existing Sectigo SSL bundle in Wazuh?

I've tried to change opensearch_dashboards.yml in
/etc/wazuh-dashboard/opensearch_dashboards.yml
to this:

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/path to Sectigo bundle/private.key"
server.ssl.certificate: "/etc/wazuh-dashboard/path to Sectigo bundle/cert.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/ path to Sectigo bundle/RootCA.crt"]
uiSettings.overrides.defaultRoute: /app/wazuh

The Wazuh dashboard is running, with this message:

wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-08-10 14:49:46 UTC; 17min ago
   Main PID: 42239 (node)
      Tasks: 11 (limit: 9442)
     Memory: 125.6M
     CGroup: /system.slice/wazuh-dashboard.service
             └─42239 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/>

Aug 10 15:06:29 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:29Z","tags":["error","opensearch","data"],"pid":42239,"message":"[Conne>
Aug 10 15:06:32 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:32Z","tags":["error","opensearch","data"],"pid":42239,"message":"[Conne>
Aug 10 15:06:34 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:34Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:37 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:37Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:39 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:39Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:42 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:42Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:44 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:44Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:47 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:47Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:49 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:49Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 10 15:06:52 etap opensearch-dashboards[42239]: {"type":"log","@timestamp":"2022-08-10T15:06:52Z","tags":["error","opensearch","data"],"pid":42239,"message":"[ConnectionError]: unable to verify the first certificate"}
lines 1-19/19 (END)

We can access the Wazuh dashboard and the Sectigo SSL has been applied, but the dashboard just shows us "Wazuh dashboard server is not ready yet"

I hope you can understand our issue, thank you in advance

Damian Nicastro

Aug 10, 2022, 12:41:56 PM
to Wazuh mailing list
Hi @afikagaming666:
I hope you are fine.
The first thing to understand is that loading the Web UI after a Wazuh-dashboard restart might take a couple of minutes. Please don't forget to try opening a browser with a clean cache and wait a bit.

Seeing the "ConnectionError", it seems that the CA is not able to verify the certificate, check this first:
# openssl verify -CAfile  /etc/wazuh-dashboard/ path to Sectigo bundle/RootCA.crt /etc/wazuh-dashboard/path to Sectigo bundle/cert.pem

If this does not return "OK", you can try converting the wazuh-dashboard certificate to CRT and verify it again:
# openssl x509 -inform PEM -outform DER -in my_certificate.pem -out my_certificate.crt
But keep a backup of the original certificate to roll back if needed.

If none of this works, I will need you to send the output of:
# systemctl status wazuh-dashboard -l
# journalctl -u wazuh-dashboard --no-pager | grep -iE 'WARN|ERROR'

I hope this helps.
Thanks

Afika Fairuz

Aug 10, 2022, 10:45:40 PM
to Wazuh mailing list
Hello again, Damian
Thank you for still responding to our question.
We have waited for the service to run and cleared the browser history, cache etc., but we still get "Wazuh dashboard server is not ready yet"

We have tried to verify the certificate with this command and result:
openssl verify -CAfile /etc/wazuh-dashboard/path to Sectigo/RootCA.crt /etc/wazuh-dashboard/path to Sectigo/cert.pem

Output:
C = ID, ST = Our Region, O = Our Organization, CN = *.Our Domain
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/wazuh-dashboard/path to Sectigo/cert.pem: verification failed

Then, because it's not OK, we tried your suggestion to convert the certificate to CRT; in this case we did it for the Sectigo cert.pem and for dashboard.pem in /etc/wazuh-dashboard/certs
# openssl x509 -inform PEM -outform DER -in /etc/wazuh-dashboard/path to Sectigo/cert.pem -out /etc/wazuh-dashboard/path to Sectigo/cert.crt
and the same with
# openssl x509 -inform PEM -outform DER -in  /etc/wazuh-dashboard/certs/dashboard.pem -out /etc/wazuh-dashboard/path to Sectigo/dashboard.crt

We changed the cert ownership to wazuh-dashboard and then edited opensearch_dashboards.yml to this:

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/path to Sectigo/private.key"
server.ssl.certificate: "/etc/wazuh-dashboard/path to Sectigo/cert.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/path to Sectigo/cert.crt"]
uiSettings.overrides.defaultRoute: /app/wazuh

Then we restarted wazuh-dashboard
# systemctl restart wazuh-dashboard

We waited for a while, and still couldn't access the wazuh-dashboard GUI.

Here is the output from # systemctl status wazuh-dashboard -l:
wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-08-11 09:16:16 WIB; 23min ago
   Main PID: 133754 (node)
      Tasks: 11 (limit: 9442)
     Memory: 122.4M
     CGroup: /system.slice/wazuh-dashboard.service
             └─133754 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard>

Aug 11 09:39:29 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:29Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:32 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:32Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:34 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:34Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:37 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:37Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:39 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:39Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:42 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:42Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:44 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:44Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:47 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:47Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:49 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:49Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}
Aug 11 09:39:52 etap opensearch-dashboards[133754]: {"type":"log","@timestamp":"2022-08-11T02:39:52Z","tags":["error","opensearch","data"],"pid":133754,"message":"[ConnectionError]: unable to verify the first certificate"}

and here is the output from # journalctl -u wazuh-dashboard --no-pager | grep -iE 'WARN|ERROR'
Jul 27 09:29:31 etap opensearch-dashboards[913217]: {"type":"log","@timestamp":"2022-07-27T02:29:31Z","tags":["error","opensearch","data"],"pid":913217,"message":"[cluster_block_exception]: index [.kibana_2] blocked by: [FORBIDDEN/8/index write (api)];"}
Jul 27 09:29:31 etap opensearch-dashboards[913217]: {"type":"log","@timestamp":"2022-07-27T02:29:31Z","tags":["error","opensearch","data"],"pid":913217,"message":"[cluster_block_exception]: index [.kibana_2] blocked by: [FORBIDDEN/8/index write (api)];"}
Jul 27 09:29:31 etap opensearch-dashboards[913217]: {"type":"log","@timestamp":"2022-07-27T02:29:31Z","tags":["error","opensearch","data"],"pid":913217,"message":"[cluster_block_exception]: index [.kibana_2] blocked by: [FORBIDDEN/8/index write (api)];"}
Jul 27 09:30:54 etap opensearch-dashboards[913217]: {"type":"error","@timestamp":"2022-07-27T02:30:54Z","tags":["connection","client","error"],"pid":913217,"level":"error","error":{"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
Jul 27 09:30:54 etap opensearch-dashboards[913217]: {"type":"error","@timestamp":"2022-07-27T02:30:54Z","tags":["connection","client","error"],"pid":913217,"level":"error","error":{"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
Jul 27 09:30:54 etap opensearch-dashboards[913217]: {"type":"error","@timestamp":"2022-07-27T02:30:54Z","tags":["connection","client","error"],"pid":913217,"level":"error","error":{"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
Jul 27 09:30:54 etap opensearch-dashboards[913217]: {"type":"error","@timestamp":"2022-07-27T02:30:54Z","tags":["connection","client","error"],"pid":913217,"level":"error","error":{"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
Jul 27 09:30:54 etap opensearch-dashboards[913217]: {"type":"error","@timestamp":"2022-07-27T02:30:54Z","tags":["connection","client","error"],"pid":913217,"level":"error","error":{"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140244707522368:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}

Sorry in advance

Afika Fairuz

Aug 11, 2022, 5:30:14 AM
to Wazuh mailing list
Hello Damian,
Thank you in advance

I've rolled back everything

And we made it, we have implemented certificates for Wazuh.
And we, no, I, realized the small but big mistake.

We have put the certificates on the Wazuh server host,
and we edited /etc/wazuh-dashboard/opensearch_dashboards.yml

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9200
opensearch.ssl.verificationMode: certificate
#opensearch.username:
#opensearch.password:
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/path to Sectigo/private.key"
server.ssl.certificate: "/etc/wazuh-dashboard/path to Sectigo/cert.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/path to Sectigo/cert.crt"]
uiSettings.overrides.defaultRoute: /app/wazuh

The opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/path to Sectigo/cert.crt"] line shouldn't be replaced by the Sectigo rootCA.cert; it should still be the Wazuh root-ca.cert

As soon as we restored that line to the default, voila, we made it.

Thank you for your help, really appreciate it. 
I'm really sorry for this problem.

Hope you're doing well

[SOLVED]

Damian Nicastro

Aug 11, 2022, 8:12:43 AM
to Wazuh mailing list
Hi @afikagaming666:
I hope you are fine.
I am glad you managed to solve the issue. It was clearly a problem with the certificate authority. It must always be the one that issued the certificate.
Thanks 
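
The rule the thread ends on, that `opensearch.ssl.certificateAuthorities` must hold the CA that issued the indexer's certificate while `server.ssl.*` may carry a different, browser-facing certificate, reproduced with a throwaway lab PKI. This is an added example, not part of the thread; the CA names, subjects and the `chains_to` / `ca_for` helpers are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: constructed lab PKI, not the thread's real certificates.
# "wazuh-root" stands in for the root-ca.pem made by wazuh-certs-tool.sh,
# "public-root" for the commercial CA that issued the browser-facing cert.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

# make_ca NAME CN: self-signed root CA -> NAME.pem / NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config "$WORK/lab.cnf" -subj "/O=Lab/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME CN: leaf certificate NAME.pem signed by CA
issue() {
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$WORK/lab.cnf" -subj "/O=Lab/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -sha256 -days 30 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA CERT: succeeds only if CERT was issued under CA
chains_to() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# ca_for CERT CA...: print the first CA name that verifies CERT, or "none"
ca_for() {
  cert=$1; shift
  for ca in "$@"; do
    if chains_to "$ca" "$cert"; then echo "$ca"; return 0; fi
  done
  echo none
}

make_ca wazuh-root  "Lab internal root"
make_ca public-root "Lab public root"
issue wazuh-root  indexer   "wazuh-indexer"      # what port 9200 presents
issue public-root dashboard "siem.example.test"  # what browsers see on 443

# Outbound: the dashboard verifies the indexer, so it needs the indexer's issuer.
echo "opensearch.ssl.certificateAuthorities -> $(ca_for indexer public-root wazuh-root)"
# Inbound: browsers verify the dashboard, so server.ssl.* can use the public cert.
echo "server.ssl.certificate is issued by   -> $(ca_for dashboard public-root wazuh-root)"
# The failing setup from the thread: public CA used to check the indexer cert.
chains_to public-root indexer || echo "public-root cannot verify the indexer certificate"
```

On a live node, the certificate to test is the one the indexer actually presents, which `openssl s_client -connect localhost:9200 -showcerts` prints.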
