Look into ELASTICSEARCH_SSL_VERIFICATIONMODE for Kibana app in DA

[Ak-sky]

To have secure connection between Kibana and ES instance, setting this value ELASTICSEARCH_SSL_VERIFICATIONMODE: full is required.
This env variable controls the verification of certificates presented by Elasticsearch. Valid values are none, certificate, and full. full performs hostname verification, and certificate does not, as this should be secure by default I believe the value should be set as full.
This needs to be lookd into as below is mentioned here

Kibana runs with ELASTICSEARCH_SSL_VERIFICATIONMODE set to none, so although the traffic between Kibana and Elasticsearch is encrypted, the Elasticsearch service is not verified against the CA certificate provided by IBM Databases for Elasticsearch credentials.

[Ak-sky]

• IBM Elasticsearch utilizes self-signed certificates, meaning no third-party Certificate Authority (CA) is involved in verifying the authenticity of the certificate during the TLS handshake. This means the client cannot be sure the certificate is genuine and not a fake created by an attacker.

• While the connection is secure (HTTPS), to mitigate risks such as man-in-the-middle attacks, communication between Kibana and the Elasticsearch instance occurs exclusively over IBM's private network.

Here is a diagram to understand the basic flow.

Closing this.