SSL Configuration on Linux[Red Hat Enterprise Linux Server release 7.2 (Maipo)]

AviralSri asked:

My Linux distro : Red Hat Enterprise Linux Server release 7.2 (Maipo)
Configuring ssl on this software
Kibana-4.3.0-linux-x64

I am trying to configure ssl on kibana.

The steps I followed:

  1. Generated private key

    openssl genrsa -out privatekey.key 2048
    

    The above command created a file names privatekey.key .

  2. Genrated CSR

    openssl req -new -key privatekey.key -out linux.csr
    

    Entered the details this csr asked. and then linux.csr file was created.

  3. I submitted this linux.csr to my organization and I was issued a certificate certnew.cer
    The certificate contents were like:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    
  4. Now kibana-4.3.0-linux-x64 folder was present on home path of linux machine
    I made the following changes to kibana.yml file

    ssl.server..cert : /home/.../certnew.cer
    ssl.server.key : /home/.../privatekey.key
    
  5. Now, I start kibana and get the following log:-
    In the log it says:

    log [17:49:38.853] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
    log [17:49:38.925] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
    log [17:49:38.965] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
    log [17:49:38.977] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
    log [17:49:38.994] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
    log [17:49:39.002] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
    log [17:49:39.009] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
    log [17:49:39.013] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
    log [17:49:39.021] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
    log [17:49:39.046] [info][listening] Server running at https://xx.xx.xx.xxx:8601
    

In the Browser when I try to open https://xx.xx.xx.xxx:8601. It runs but it is specified as Not secure and https is crossed in red colour.
Can anybody help me what steps I am missing ?

What I understand is that I need to add ssl certificate [certnew.cer] or maybe privatekey[privatekey.key] to linux trusted list which I suppose. Can anybody help me with that or point me to a link

My answer:


TLS certificates are issued for hostnames, not for IP addresses. Use the appropriate hostname in your URL.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.