Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide encryption for data-in-transit. While these terms are often used interchangeably, Kibana supports only TLS, which supersedes the old SSL protocols.
Browsers send traffic to Kibana and Kibana sends traffic to Elasticsearch. These communication channels are configured separately to use TLS.
TLS requires X.509 certificates to authenticate the communicating parties and perform encryption of data-in-transit. Each certificate contains a public key and has an associated — but separate — private key; these keys are used for cryptographic operations. Kibana supports certificates and private keys in PEM or PKCS#12 format.
See Set up basic security for the Elastic Stack to encrypt HTTP communications for Elasticsearch and Kibana.