Configure Fleet SSL Cert Port 8220

I have deployed a Fleet server and I want to change the SSL cert that is being used. Is there a config file somewhere that I can modify to use the certificates that I generated?
I want to avoid having to use the --insecure parameter when installing my Elastic Agents.

Did you change the CA as well?

If you also need to change the CA you will need to reenroll your fleet server and probably all your agents.

If you changed just the certificate and the key, it may work if you replace the files on the disk.

I was able to fix this by re-enrolling and providing url, certificate-authorities, fleet-server-cert, fleet-server-cert-key. I had not provided any of those before.

So far, the 11 agents I had in my pilot group all remained connected without any issue.

For those like me that are kind of new, you can just run the elastic-agent enroll process again with all the parameters included. I was hunting around trying to find a YAML file to edit, similar to configuring Kibana or Elasticsearch, but it's much simpler than that.

sudo elastic-agent enroll --url=https://fleetserver.my.local:8220 \
  --fleet-server-es=https://10.1.2.3:9200 \
  --fleet-server-service-token=ServiceTokenGoesHere \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=ElasticCAFingerprintGoesHere \
  --certificate-authorities=/path/to/ca-bundle.crt \
  --fleet-server-cert=/path/to/fleet-server.crt \
  --fleet-server-cert-key=/path/to/fleet-server.key \
  --fleet-server-port=8220

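A pre-enrollment check for the three files passed to the enroll command above, as an added example that is not part of the original thread or of Elastic's tooling. It assumes the `openssl` CLI is installed; the function names `check_fleet_cert` and `make_demo_pki` are hypothetical, and the CA and certificate it generates are constructed throwaway samples.

```shell
#!/bin/sh
# check_fleet_cert CA_BUNDLE CERT KEY HOSTNAME -> returns 0 if all checks pass.
check_fleet_cert() {
  ca=$1; cert=$2; key=$3; host=$4; rc=0
  # 1. The server certificate must chain to the CA bundle the agents will trust.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $ca"; rc=1
  fi
  # 2. The private key must belong to the certificate (compare public keys).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $cert"; rc=1
  fi
  # 3. The hostname used in --url must be covered by the certificate.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
       grep -q "does match"; then
    echo "FAIL: $cert is not valid for host $host"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $cert is usable for https://$host:8220"
  return "$rc"
}

# Constructed sample input: a throwaway CA and server certificate in DIR.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=fleetserver.my.local" \
    -keyout "$d/fleet-server.key" -out "$d/fleet-server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:fleetserver.my.local\n' > "$d/san.ext"
  openssl x509 -req -in "$d/fleet-server.csr" -days 1 -extfile "$d/san.ext" \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/fleet-server.crt" 2>/dev/null
}

# Demo run against the constructed files; substitute your own paths and host.
demo=$(mktemp -d)
make_demo_pki "$demo"
check_fleet_cert "$demo/ca.crt" "$demo/fleet-server.crt" \
  "$demo/fleet-server.key" fleetserver.my.local
```

If any check fails, agents enrolling without `--insecure` will reject the Fleet Server's TLS certificate on port 8220, so fix the files before re-running the enroll command.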