[beatCM] 6.5.0 Internal Certificate authority, or Mismatch host how to configure?

When I am attempting to enroll a beat to centralized management I'm receiving this error:

[root@dactyl filebeat]# filebeat -e -v enroll https://thehostname:5601 thetokengivenbykibana -E setup.kibana.ssl.verification_mode=none
2018-11-15T22:02:16.466-0600 INFO instance/beat.go:616 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2018-11-15T22:02:16.467-0600 INFO instance/beat.go:623 Beat UUID: 96539986-712a-4b88-b757-9a8faf291d2f
2018-11-15T22:02:16.467-0600 INFO kibana/client.go:118 Kibana url: https://thesamehostname:5601
Error while enrolling: fail to execute the HTTP POST request: Post https://thesamehostname5601/api/beats/agent/96539986-xxxx-4b88-xxx-9a8faf291d2f: x509: certificate signed by unknown authority

I'm trying to just get it connected. I also have a case where a hostname mismatches (I blame NAT). How would one go about specifying a CA, or SSL verification none?

You will have to add your CA certificate to the system's CA list.
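What trusting the CA changes, as an added example that is not part of the thread or of the Beats code: Go's crypto/x509, whose "x509: certificate signed by unknown authority" message appears in the log above, verifies a constructed server certificate with and without its issuing CA in the trust pool, and then under a name the certificate does not list. The CA, the host names kibana.internal.example and kibana-nat.example, and the helpers issue and check are assumptions made for the illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate: a self-signed CA when parent is nil, else a server cert.
func issue(name string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true, IsCA: parent == nil,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // the root CA signs itself
		tmpl.KeyUsage, parent, signer = x509.KeyUsageCertSign, tmpl, key
	} else { // server certificates carry the host name as a SAN
		tmpl.KeyUsage, tmpl.DNSNames = x509.KeyUsageDigitalSignature, []string{name}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// check verifies the server certificate for host, with the CA in the trust pool or not.
func check(trustCA bool, host string) error {
	ca, caKey := issue("Constructed Internal CA", nil, nil)
	leaf, _ := issue("kibana.internal.example", ca, caKey)
	roots := x509.NewCertPool() // empty pool: a trust store that lacks the internal CA
	if trustCA {
		roots.AddCert(ca)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
func main() {
	fmt.Println(check(false, "kibana.internal.example"), check(true, "kibana.internal.example"), check(true, "kibana-nat.example"))
}
```

The first check fails with the enrollment error from the log and the second passes once the CA is in the pool. The third still fails with the CA trusted, because the certificate does not list the name that was dialed.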

