CentOS Stream8 Elastic Agent not sending streams

Hello

I have just setup a fresh install of ELK + a few agents running on Ubuntu and everything works as expected.

However, as soon as I add the same agent version, 7.14.1 on a CentOS Strem 8, it fails with the following error under filebeat logs:

/opt/Elastic/Agent/data/elastic-agent-703d58/logs/default/filebeat-json.log

{"log.level":"error","@timestamp":"2021-09-10T05:54:22.825-0400","log.logger":"esclientleg","log.origin":{"file.name":"transport/logging.go","file.line":37},"message":"Error dialing x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"Elastic Certificate Tool Autogenerated CA\")","service.name":"filebeat","network":"tcp","address":"siem03.clear.com:9200","ecs.version":"1.6.0"}

I have already imported the .crt in the local trust store and also enrolled the agent with the '--insecure' keyword and also --fleet-server-es-ca=[path to cert]

Why the same configuration works on Ubuntu and not on CentOS?

Thanks in advance

Did you import the CA into the local store? If you imported the CA why the usage of --insecure? If the CA is imported it will be able to successfully validate the certificate, as long as the CA is for the correct domain or IP address.

thank you, I actually fixed it shortly after, when verifying that the CentOS had the correct cert installed in the trust store.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.