Replacing the Kibana Certificate

This procedure describes how to replace the Kibana certificate.

Before you begin

• Verify that the Kibana certificate PEM file is available, as described in Creating a Kibana Certificate.
• Verify that the private key PEM file is available, as described in Creating a CA Certificate and Key.

Begin

1. Navigate to one of the following locations:
   • UNIX: $HOME/ctm_em/kibana/config
   • Windows: %EM_HOME%\kibana\config
2. Place the certificate and key files in the following folder:

   kibana/config/certificates

3. In the kibana.yml file in the config folder, update the following properties with the paths to the key and certificate files:
   • Key: server.ssl.key
   • Certificate: server.ssl.certificate

   EXAMPLE: server.ssl.key: /home/em/ctm_em/kibana/config/certificates/new-kibana-node-key.pem

4. Restart the Kibana process.
5. Test the new Kibana certificate by running the following command:

   curl --cacert $HOME/ctm_em/ini/ssl/elastic_ca.pem -L https://`hostname`:<server-host>

   EXAMPLE: curl --cacert $HOME/ctm_em/ini/ssl/elastic_ca.pem -L https://dba-tlv-v1cwm6:19201

6. Verify that you see the following: {"statusCode":401,"error":"Unauthorized","message":"Authentication required"}

   The Kibana certificate is replaced.