I am using self-generated certs created on the ES master node, running a brand new install of 7.14 - all the server components (Es, Kibana, LS, MB & FB) are talking and working well with each other.
After deploying the Windows agent to a Win 10 machine, it failed to enrol with unsigned cert errors, despite the ca cert being in the trusted root store of the wks. So I installed the agent with the '--insecure' option and it has worked and shows up in Fleet - it all appears normal, however there is no data in the relevant indexes for this host.
The agent logs confirm 'SSL/TLS verifications disabled' - however the Filebeat and Metricbeat logs indicate that no data can be transferred as both services: 'Error: fail to connect - x509: certificate signed by unknown authority'.
How to fix this?