diff --git a/.gitignore b/.gitignore
index 18c9f355..ec4bd9e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 .cache
 *.swp
-__pycache__*
\ No newline at end of file
+__pycache__*
diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml
index 7aa06f7b..c97c8fbf 100644
--- a/roles/kibana/defaults/main.yml
+++ b/roles/kibana/defaults/main.yml
@@ -5,7 +5,7 @@
 kibana_config_backup: true
 kibana_manage_yaml: true
 kibana_security: true
-kibana_tls: false
+kibana_tls: true
 kibana_tls_cert: /etc/kibana/certs/cert.pem
 kibana_tls_key: /etc/kibana/certs/key.pem
 kibana_tls_key_passphrase: PleaseChangeMe
diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml
index 4bb14fbd..925c3417 100644
--- a/roles/kibana/tasks/kibana-security.yml
+++ b/roles/kibana/tasks/kibana-security.yml
@@ -258,3 +258,7 @@
 - certificates
 - renew_ca
 - renew_kibana_cert
+
+- name: Create default web certificate
+ ansible.builtin.include_tasks: kibana-web-cert.yml
+ when: kibana_tls | bool
diff --git a/roles/kibana/tasks/kibana-web-cert.yml b/roles/kibana/tasks/kibana-web-cert.yml
new file mode 100644
index 00000000..fb9fd69c
--- /dev/null
+++ b/roles/kibana/tasks/kibana-web-cert.yml
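Review bot: The flipped `kibana_tls: true` default now turns HTTPS on for every host using this role and, per the new kibana-web-cert.yml, silently generates a self-signed certificate whenever nothing exists at `kibana_tls_cert`/`kibana_tls_key`, yet the defaults file says none of that; add above the line `# HTTPS on by default; a self-signed cert/key is generated at the paths below when none exist (see kibana-web-cert.yml)`. The generated key is written unencrypted (`openssl genpkey` with no `-pass` option in the new task file), so the `kibana_tls_key_passphrase: PleaseChangeMe` default in the context lines applies only to operator-supplied keys, and a comment on that line saying so would prevent a wrong assumption. Whether the Kibana template hands that passphrase to an unencrypted key depends on files outside this diff.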
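Review bot: The new include carries no `tags`, while the context lines directly above it (`- certificates`, `- renew_ca`, `- renew_kibana_cert`) read like the tag list of the preceding task, whose start lies outside the hunk; if that reading is right, a run limited with `--tags certificates` sets up the CA-side certificates but skips the web certificate entirely. Tag the include to match, and because `include_tasks` is dynamic and tags are not inherited by the included file, pass them through `apply:` as well so the tasks inside kibana-web-cert.yml are selected by the same tag.
```yaml
- name: Create default web certificate
  ansible.builtin.include_tasks:
    file: kibana-web-cert.yml
    apply:
      tags:
        - certificates
  when: kibana_tls | bool
  tags:
    - certificates
```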
@@ -0,0 +1,37 @@
+---
+
+- name: Check if TLS certificate exists
+ ansible.builtin.stat:
+ path: "{{ kibana_tls_cert }}"
+ register: cert_stat
+
+- name: Check if TLS key exists
+ ansible.builtin.stat:
+ path: "{{ kibana_tls_key }}"
+ register: key_stat
+
+- name: Generate default OpenSSL Kibana TLS key
+ ansible.builtin.command:
+ cmd: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out {{ kibana_tls_key }}
+ when: not key_stat.stat.exists
+ changed_when: not key_stat.stat.exists
+
+- name: Generate default OpenSSL Kibana TLS certificate
+ ansible.builtin.command:
+ cmd: openssl req -x509 -key {{ kibana_tls_key }} -out {{ kibana_tls_cert }} -days 3650 -nodes -subj "/CN={{ ansible_fqdn }}"
+ when: not cert_stat.stat.exists
+ changed_when: not cert_stat.stat.exists
+
+- name: Set proper permissions for Kibana TLS certificate
+ ansible.builtin.file:
+ path: "{{ kibana_tls_cert }}"
+ mode: '0644'
+ owner: kibana
+ group: kibana
+
+- name: Set proper permissions for Kibana TLS key
+ ansible.builtin.file:
+ path: "{{ kibana_tls_key }}"
+ mode: '0600'
+ owner: kibana
+ group: kibana
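Review bot: The certificate task regenerates only when the cert file is absent, so a host whose key is missing but whose cert survives gets a fresh key paired with the old certificate and Kibana cannot start TLS with the pair; make the cert task's condition `when: not cert_stat.stat.exists or not key_stat.stat.exists` and mirror it in `changed_when`. The key is also written by `openssl genpkey` under the process umask and only tightened to `0600` by the last task, so it sits with default permissions in between and stays that way if the play fails midway; prefix the command with `umask 077 &&` via `ansible.builtin.shell`, or use `community.crypto.openssl_privatekey` with `mode: '0600'`, which also replaces the stat/when pair with the module's own idempotence. The self-signed certificate carries only a CN and no subjectAltName, which current browsers reject even when the certificate is trusted, so add `-addext "subjectAltName=DNS:{{ ansible_fqdn }}"` to the `openssl req` line. The Jinja paths in both `cmd:` strings are unquoted, so a path containing whitespace would split into extra arguments.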