Skip to content

Access clusters using SSL

Jump to bottom
Carsten König edited this page Jan 6, 2025 · 16 revisions

It is completely possible to use elasticvue with a cluster that uses SSL, as long as your browser trusts your certificate.

The easiest solution is to use elasticvue desktop, this will automatically bypass certificate restrictions. Download

If you dont use elasticvue desktop you have multiple options:

To test if your browser accepts the certificate simply open the url to your cluster in your browser. If you see a certificate warning you will not be able to connect in elasticvue. Chose one of the following options to fix this:

Option 1 - Trusted certificate authority

Use a trusted certificate authority (like letsencrypt) to generate certificates for your cluster. This way your browser will accept the certificate automatically. This is mostly suited for production environments.

Option 2 - Manually import the CA into your certificate store

Manually import the servers CA to your browsers certificate store. The workflow might be different per browser or operating system, but for linux you can do the following:

Chrome: Settings / Security and Privacy / Security / Manage certificates / Authorities Tab / Import / Select your CA / Check "Trust this CA to identify websites."
Firefox: Settings / Privacy & Security / Certificates / View Certificates... / Authorities Tab / Import... / Select your CA / Check "Trust this CA to identify websites."

For elasticsearch 8 import the file elasticsearch/config/certs/http_ca.crt

Option 3 - Temporarily accepting the certificate

  1. When you try to connect your (untrusted) SSL cluster in elasticvue it will show a red error message. This message includes a link to your cluster.
  2. Click on that link (or open the URL to your cluster manually in your browser)
  3. Your browser will warn you about your untrusted certificate. Trust the certificate (you may have to accept some warnings)
  4. Go back to elasticvue and test the connection again. You should be able to connect.

The drawback of this solution is that you might have to do that every time you reopen your browser. Trusting an untrusted certificate is usually only saved temporarily.

Option 4 - Proxy server

Use a local proxy server like simprox to bypass browser restrictions: Start the proxy:

simprox -h 127.0.0.1:7000 -t https://your.cluster.com --skip-ssl-verify

Then connect to http://localhost:7000 (http, not https!) in elasticvue. You still have to set username/password in elasticvue if your cluster uses authorization.

Clone this wiki locally