Hello Everyone,
I have completed an all-in-one deployment and am now seeking to secure web browser to kibana via ssl with a wildcard SSL certificate issued to me by our office.
Being a beginner in SSL, I have been looking around and been studying but still can't wrap my head around applying the office given certificates (which I have also converted into PEM format).
My current kibana.yml has the ff lines:
server.host: F.Q.D.N
server.port: 443
elasticsearch.ssl.verificationMode: certificate
elasticsearch.username: kibanaserver
elasticsearch.password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: true
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/kibana/certs/kibana-key.pem"
server.ssl.certificate: "/etc/kibana/certs/kibana.pem"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]
server.defaultRoute: /app/wazuh?security_tenant=global
And with me are 4 cert types as described below(in crt and pem formats):
Root CA Certificate
2x Intermediate CA Certificate
Wildcard Certificate
Somewhere, I think I am supposed to generate a private key and CSR with matching fqdn lookup as it we have the server's name registered in public DNS. From there I think I am supposed to modify the config like below:
server.ssl.key: "generated.key"
server.ssl.certificate: "wildcardcertificate.pem"
Seeing as I am a noob in SSL, am I getting this right???
Thanks for the time in reading this and I hope people in this forum are doing wonderful.
Thank you