Guidance Required for Secure SSL Configuration in On-Premises Wazuh Deployment

32 views
Skip to first unread message

Jack Martin

unread,
May 13, 2026, 10:11:49 AM (4 days ago) May 13
to Wazuh | Mailing List

Dear Wazuh Support Team,

I hope you are doing well.

I am currently using an on-premises Wazuh deployment in my environment. While accessing the Wazuh Dashboard, I am encountering a “not secure” warning due to SSL configuration.

I previously attempted to resolve this issue by following the guide for configuring SSL certificates on the Wazuh Dashboard using Let’s Encrypt. However, this approach requires a public domain name, which is not available in my current setup.

Could you please advise on alternative methods to properly secure the Wazuh Dashboard in an on-premises environment without a public domain? Specifically, I would like to know the recommended approaches such as:

  • Using self-signed certificates in a secure and supported manner
  • Using an internal Certificate Authority (CA) for SSL generation
  • Any Wazuh-recommended method for securing HTTPS in offline/on-prem environments
  • How to eliminate browser “Not Secure” warnings while maintaining proper security compliance

My requirement is to ensure the Wazuh Dashboard is secured with a valid SSL configuration suitable for production on-premises usage.

I would appreciate your guidance or any official documentation that can help me implement the correct solution.

Thank you for your support.

Kind regards,
jack

image.pngsee in image not secure my server was in ubunut os 

Jorest Brice Tankoua Njassep

unread,
May 13, 2026, 6:51:48 PM (4 days ago) May 13
to Wazuh | Mailing List
Hi Jack,

Follow the steps below 


Download the Wazuh cert tool: https://packages.wazuh.com/4.14/wazuh-certs-tool.sh

Create a file named config.yml in the same folder as the script. Since you don't have a domain, use your server's private IP:

nodes:
  dashboard:
    - name: dashboard
      ip: 192.168.1.100  # Your actual server IP


Run the Script. Use the -A (all) option to generate everything:

bash wazuh-certs-tool.sh -A

This will create a folder named wazuh-certificates/ containing your files.


Copy the files to the dashboard directory:   dashboard.pem ---> /etc/wazuh-dashboard/certs/

dashboard-key.pem ----> /etc/wazuh-dashboard/certs/

root-ca.pem -----> /etc/wazuh-dashboard/certs/


The script generates certificates that are technically valid, but your browser doesn't know who "Wazuh" is as an authority.  Copy the root-ca.pem from the server to your laptop.

Change the extension to .crt
Import it into your "Trusted Root Certification Authorities" (on Windows, use certlm.msc).
Reply all
Reply to author
Forward
0 new messages