Certificate renewal and Fleet

My designated fleet-server (windows) has a internal Enterprise-certificate that is gonna expire soon.

I know how to request the new CSR and issue the CER/PEM from my elastic -nodes, but I can't figure out where the Fleet-server's TLS-settings are, which YML-file?

in Kibana --> Fleet --> Settings I can see Outputs and stuff, but nowhere is the path .KEY, .PEM and CA-PEM specified.
The fleet-server runs on a Windows-server, and the fleet-server.exe process appears to run from C:\Program Files\Elastic\Agent\data..

I have a previous set of certificates on this server, but not sure if they were ever used or needed. Any tip?

Got Platinum support but Im always pointed towards forums for non-incidents.

Are you going to change the CA or something? If not, you just need to replace the files that you used when you created the Fleet Server and restart the fleet server.

No, it's the same CA and yes, I kept the CA's pem-file on the standalone logcluster-node today and it worked fine.

But it annoys me that I don't know where those settings are regarding the designated fleet-server.

Elastic Agent was originally installed on the D:\ drive on the fleet-server, but after some agent-upgrades, the agent runs from c:\program files\elastic like on all other enrolled hosts

When you install the Fleet Server you need to specify the certificate file and the ca file for that certificate, you need to edit those same files.

Unfortunately the documentation on how to update/change the certificate of a Fleet server is non-existent, I have the same issue a couple of months ago.

That sucks a bit.. But I wont bother with support on this one.. i'll just replace the certs and check with netcat that the thumbprint actually changes after restarting the agent..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.