Wazuh Dashboard 4.14 Installation - Step-by-Step Guide

Wazuh Dashboard is the web-based management interface built on OpenSearch Dashboards. It provides administrators with access to alerts, visualizations, agent management, and security settings. Before installing the dashboard, complete the Wazuh Indexer installation and the Wazuh Server installation .

Prerequisites

Hardware requirements

Parameter	Minimum	Recommended
CPU	2 cores	4 cores
RAM	2 GB	8 GB
Disk	20 GB	20 GB

Network requirements

Port	Purpose
443/TCP	Web interface (HTTPS)
9200/TCP	Connection to Wazuh Indexer

Dependencies

A running Wazuh Indexer
A running Wazuh Server
The wazuh-certificates.tar file

Adding the Repository

Ubuntu / Debian

apt-get install gnupg apt-transport-https
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring \
  --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" \
  | tee -a /etc/apt/sources.list.d/wazuh.list
apt-get update

CentOS / RHEL 8 and earlier (YUM)

rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' \
  | tee /etc/yum.repos.d/wazuh.repo

RHEL 9+ / CentOS Stream 10 (DNF)

rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\npriority=1' \
  | tee /etc/yum.repos.d/wazuh.repo

Installing Dependencies and the Package

Ubuntu / Debian

apt-get install debhelper tar curl libcap2-bin
apt-get -y install wazuh-dashboard

CentOS / RHEL 8 and earlier

yum install libcap
yum -y install wazuh-dashboard

RHEL 9+ / CentOS Stream 10

dnf install libcap
dnf -y install wazuh-dashboard

Configuring opensearch_dashboards.yml

Edit /etc/wazuh-dashboard/opensearch_dashboards.yml:

server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9200
opensearch.ssl.verificationMode: certificate

Key parameters

Parameter	Description	Default
`server.host`	IP address or `0.0.0.0` to accept connections on all interfaces	`0.0.0.0`
`server.port`	Web interface port	`443`
`opensearch.hosts`	Indexer URL (or array of URLs for a cluster)	`https://localhost:9200`
`opensearch.ssl.verificationMode`	TLS certificate verification mode	`certificate`

To connect to a multi-node indexer cluster, specify multiple addresses:

opensearch.hosts:
  - https://<INDEXER_IP_1>:9200
  - https://<INDEXER_IP_2>:9200
  - https://<INDEXER_IP_3>:9200

If the dashboard is installed on a different host than the indexer, replace localhost with the indexer IP address.

Deploying Certificates

NODE_NAME=dashboard

mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ \
  ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem

[ ! -e /etc/wazuh-dashboard/certs/dashboard.pem ] && \
  mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[ ! -e /etc/wazuh-dashboard/certs/dashboard-key.pem ] && \
  mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem

chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs

Replace dashboard with the dashboard node name specified in config.yml during certificate generation.

Starting the Service

systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard

Configuring the Wazuh Server Connection

Edit /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:

hosts:
  - default:
      url: https://<WAZUH_SERVER_IP>
      port: 55000
      username: wazuh-wui
      password: <WUI_PASSWORD>
      run_as: true

Replace <WAZUH_SERVER_IP> with the Wazuh Manager host IP and <WUI_PASSWORD> with the wazuh-wui user password.

First Login

Open a browser and navigate to:

https://<DASHBOARD_IP>

Default credentials:

Username: admin
Password: admin

The browser will display a self-signed certificate warning. Accept the exception to proceed.

Changing Default Passwords

For production environments, all default passwords must be changed.

Change all passwords (recommended)

/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh \
  --api --change-all --admin-user wazuh --admin-password wazuh

This command changes passwords for all internal users, including admin and wazuh-wui.

Change a specific user password

/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh \
  --user admin --password <NEW_PASSWORD> --admin-user wazuh --admin-password wazuh

After changing passwords, update the connection configuration in /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml and restart the dashboard:

systemctl restart wazuh-dashboard

Also update the Filebeat keystore credentials on the server:

echo <NEW_PASSWORD> | filebeat keystore add password --stdin --force
systemctl restart filebeat

Using Custom Certificates

To replace self-signed certificates with those issued by a corporate or public CA:

Place the certificate, key, and CA files in /etc/wazuh-dashboard/certs/
Update the paths in /etc/wazuh-dashboard/opensearch_dashboards.yml:

server.ssl.enabled: true
server.ssl.certificate: /etc/wazuh-dashboard/certs/your-cert.pem
server.ssl.key: /etc/wazuh-dashboard/certs/your-key.pem
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/your-ca.pem"]

Set the file permissions:

chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs

Restart the service:

systemctl restart wazuh-dashboard

Troubleshooting

Dashboard fails to start

journalctl -u wazuh-dashboard -xe

Common causes:

Port 443 is occupied by another process (e.g., Apache or Nginx)
Syntax errors in opensearch_dashboards.yml - validate the YAML format
Incorrect certificate permissions

Cannot connect to the indexer

Verify indexer availability: curl -k -u admin https://<INDEXER_IP>:9200
Confirm that opensearch.hosts contains the correct URL
Check certificates in /etc/wazuh-dashboard/certs/

“Wazuh API is not reachable” error

Verify API availability: curl -sk -u wazuh-wui:<PASSWORD> -X POST "https://<SERVER_IP>:55000/security/user/authenticate"
Confirm the URL, port, and credentials in wazuh.yml are correct
Check Wazuh Manager status: systemctl status wazuh-manager

Page loads without data

Wait for data indexing (may take several minutes after first startup)
Check for indices: curl -k -u admin https://<INDEXER_IP>:9200/_cat/indices?v
Verify that Filebeat is forwarding data: filebeat test output on the server

Disabling Automatic Updates

Ubuntu / Debian:

sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list
apt-get update

CentOS / RHEL:

sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

Next Steps

Wazuh Agent Installation - deploy agents to monitored endpoints
Wazuh Components - description of each platform component
Uninstalling Wazuh - component removal procedure

Last updated on 8, April 2026

Wazuh Agent 4.14 Installation - Linux, Windows, macOS Wazuh Indexer 4.14 Installation - Step-by-Step Guide