ElasticStack / Kibana WebHooks - Won't work with the default self-signed certificates

Andy99 · May 26, 2022, 9:52am

Hi all,

I am attempting to use the WebHooks feature in Kibana to send passive alerts from our ElasticStack to the Icinga API. I have no issues with the API syntax and JSON payload, however,
Kibana insists that WebHooks are not allowed with self-signed certificates (i.e. the default Icinga API configuration).

Has anyone else successfully achieved this, either by changing a Kibana setting, adding the Icinga cert to Kibana, or by using trusted/company certificates on their Master server ?

I have certificates setup on the Icingaweb2 side for Apache authentication, which is working well, but the API certificates are obviously handled separately. I can see some discussion in the last couple of years relating to using non self-signed certs, but I cannot find any success stories, or specific details of the reasons why it would not work.

I am using Icinga 2.13.x and a recent version of Elastic/Kibana. I am not using Icinga Director.

Thanks in advance,
Andy

moreamazingnick · May 27, 2022, 6:14am

Icinga Api Certificates are selfsigned but you could export import the public key of your icinga master in the cert store of your kibana server, so the icinga master is actually trusted.
Or put the ca’s public key into the certificate store to make all connections to all icinga instances trusted

have you read [Kibana action webhook failing - Kibana - Discuss the Elastic Stack] ?

Andy99 · May 27, 2022, 1:02pm

Thanks for the reply, that’s a good suggestion.

I have also just discovered the ‘xpack.actions.customHostSettings’ feature in Kibana which appears to allow self-signed certificates for a specified URL:port.

Andy