I'm in the process of getting Fleet added to my Elastic cluster. I have a Fleet server and have enrolled the Fleet server using Quick Start for handling certificates when enrolling because I was having issues with certutil. I've finally managed to get a certificate working and have a CRT and key so I'm ready to add them to the Fleet server enrollment. At this point, I have two questions I'm stuck on:
- Do any of the 4 cert files needed for enrollment (ca.crt, fleet-server.crt, fleet-server.key, Elasticsearch-ca.crt) need to be copied to the Fleet server itself? I currently have them on the server with Elasticsearch installed where I generated the cert with certutil. I'm following the Encrypt traffic in clusters with a self-managed Fleet Server page and am confusing myself on what goes where.
- Am I able to add the certificates to my enrollment even though I chose Quick Start at enrollment, or would I need to unenroll Fleet server and enroll again choosing Production for deployment mode? If I am able to add the certs without re-enrolling, how do I go about doing that?
Thanks so much!