Basic username/password authentication for ELK, i was able to achieve using searchguard on windows platform.

Now i am trying to establish secure communication. I have performed the following changes,

In elasticsearch.yml

    searchguard.ssl.http.enabled: true
    searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
    searchguard.ssl.http.keystore_password: 221749a2add117cf889f
    searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks 
    searchguard.ssl.http.truststore_password: 6d6cf1cc017dc874960b 

    searchguard.authcz.admin_dn:                                
      - CN=sgadmin 

    searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
    searchguard.ssl.transport.keystore_password: 221749a2add117cf889f 
    searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks 
    searchguard.ssl.transport.truststore_password: 6d6cf1cc017dc874960b

In Kibana.yml

elasticsearch.url: "https://localhost:9200"  
elasticsearch.username: "admin"  
elasticsearch.password: "admin"

If i login to kibana, using http://localhost:5601, it asks for username and password. I dont know what credentails to enter here. i tried admin/admin. Its not working. Before i gave searchguard.ssl.http.... configurations, admin/admin was working fine.

After i added all the searchguard.ssl.http related configuration, the credentails are not working.

I am sure there is some other configuration in kibana.yml w.r.t searchguard configuration. I am not able to find it online. Can any one please help me here on what is missing.

Enabling TLS on the REST layer does not have any impact on user authentication/authorisation. The only difference is:

• If you enable TLS on REST layer, only HTTPS access is allowed. You will see an error message if you try to access ES with HTTP
• If you disable TLS on REST layer, only HTTP access is allowed. You will see an error message if you try to access ES with HTTPS.

Search Guard will authenticate the credentials against the configured authentication backend in sg_config.yml. If you use the default configuration that ships with Search Guard, it will use the internal user database and the users defined in internal_users.yml. The default "admin" user has full access to all indices and types, so you should be able to use this user to log into Kibana. If you need a user with limited access, the corresponding demo user is "kibanaro". Please refer to internal_users.yml to see all demo users.

Since ES 5.0.2, you need to install the Search Guard Kibana plugin for full authentication and session support. You can find the plugin on the corresponding GitHub repository. You install it like any other Kibana plugin, for example:

bin/kibana-plugin install https://github.com/floragunncom/search-guard-kibana-plugin/releases/download/v5.4.3-3/searchguard-kibana-5.4.3-3.zip

If you do not need advanced stuff like multi-tenancy or JWT Single Sign-on, it should start and work out of the box.

If this does not help, please post the output of your Elasticsearch log files when trying to log in.

Disclaimer: I work for floragunn, makers of Search Guard.