Elastic Agent 7.10.1 : javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

Hello,

I was testing the latest version of Elastic Stack, 7.10.1. So far, following the documentation, I managed to set up a test environment and set up a small lab.

I am interested in testing (simulating attacks) on a machine that has Elastic Agent installed. So far I managed to install it on a Windows 7 machine, and after pulling my hair out over why my Agent is only online for a couple of minutes before it goes completely offline, I managed to enroll it using Fleet.

My agent is now enrolled but I am not receiving any data. After reviewing the Elasticsearch logs I found this error:

[WARN ][o.e.h.AbstractHttpServerTransport] [aio] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.168.20.155:9200, remoteAddress=/192.168.20.25:50945}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

This clearly indicates that Elasticsearch is refusing communication with the machine that has Elastic Agent, 192.168.20.25.

I am trying to do the same configuration here as I did for my agents like winlogbeat and filebeat, but it doesn't work for me:

outputs:
  default:
    type: elasticsearch
    hosts: [https://192.168.20.155:9200]
    ssl.certificate_authorities: ["C:\Tools\cert\elastic-stack-ca.pem"]
    ssl.verification_mode: none
    username: elastic
    password: elastic

I can't find any documentation on how to configure Elastic Agent to use self-signed certificates. Can you please help or guide me?

Thank you


Okay, I solved it; gonna leave this here for others.

Did some more digging in GitHub repos. I found this issue:


which led me to this other one with a workaround:

Because I am just testing this, I disabled verification in the action-store.yml file, found (on my Windows machine) here: C:\Program Files\Elastic\Agent\data\elastic-agent-1da173\
  outputs:
    default:
      api_key: 1Pje5..................
      hosts:
      - https://192.168.20.155:9200
      type: elasticsearch
      ssl.verification_mode: none
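
A check for configs where the test-only workaround above was left in place (an added example, not part of the original posts and not Elastic's code): it flags every output with ssl.verification_mode set to none, including the case in the first post where a CA file is configured but never used. The line-based reader, the "verified" output and the forward-slash paths are constructed for this example.

```python
import re

# Constructed sample shaped like the output blocks posted in this thread.
SAMPLE = """\
outputs:
  default:
    hosts:
    - https://192.168.20.155:9200
    ssl.certificate_authorities: ["C:/Tools/cert/elastic-stack-ca.pem"]
    ssl.verification_mode: none
  verified:
    ssl:
      certificate_authorities: ["C:/Tools/cert/elastic-stack-ca.pem"]
      verification_mode: full
"""

def flatten(text):
    """Map indented 'key: value' lines to {dotted.path: value}; no PyYAML needed."""
    stack, flat = [], {}  # stack holds (indent, key) of the open parent mappings
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue  # list items, blank lines, comments
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value.strip("'\"")
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return {output_name: [findings]} for each entry under 'outputs'."""
    outputs, findings = {}, {}
    for path, value in flatten(text).items():
        parts = path.split(".", 2)
        if len(parts) == 3 and parts[0] == "outputs":
            outputs.setdefault(parts[1], {})[parts[2]] = value
    for name, cfg in outputs.items():
        issues = findings.setdefault(name, [])
        if cfg.get("ssl.verification_mode") == "none":
            issues.append("server certificate is not verified")
            if "ssl.certificate_authorities" in cfg:
                issues.append("CA file is configured but unused")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both the dotted form (ssl.verification_mode) and the nested form (ssl: followed by verification_mode) are recognised, so the same check covers hand-written configs and the generated action-store.yml layout.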