Unsure how to configure SSL settings for Kibana for a default self signed cert to work

[bhss0000ff]

First time posting. I have read security onion documentation and elastic documentation, but still lost...

While setting up Kibana in Security Onion 2.3 I found that I cannot curl from local host or the ip address of the security onion vm on port 5601.

I keep getting an error "SSL received a record that exceeded the maximum permissible length"

This will be for a development area just testing some ingest of beats from linux systems in a seperate subnet. We are not using PKI or creating new certs from a CA.

Things I have tried:

enabling ssl on kibana.yml and setting veritication to none in /opt/so/conf/kibana.yml
restarting kibana so-kibana-restart

The service comes up fine, but the curl is still giving the error. I am guessing I need to get this resolved before I set up the clients beat files to ingest.

I am not sure where my keystore should be or if a default self signed cert is added during the initial security onion setup.

Any help / guidance / mentoring is appreciated.

[cm-ops]

Would you provide some information around you grid (architecture, version, etc.)?

[bhss0000ff]

VM is running on VMWare ESXi 6.7.0. 4 CPU / 20 GB RAM / 300 GB HD. I downloaded the ISO image that creates the CentOS 7 image and then installs SO on top.
2.3.220-20230301 ISO image

I used the eval version and airgap and kept most of the settings default.

[bhss0000ff]

@cm-ops today I looked at some more documentation and figured out that my eval version will not allow beats to work, so I am rebuilding as standalone. I also found out that SO is not using port 5601 but is instead using /kibana. When I curl using the /kibana it provides a redirect. My guess is that due to the containers there is some internal stuff that makes the magic happen.

[cm-ops]

Okay, sounds good on the standalone install/setup. Take a look at /opt/so/conf/nginx/nginx.conf as well.