Elastic Agent with Private Certificate Still not working

Hello there,

I'm now using a private certificate (GoDaddy) and even so, I cannot make it work.

Below I got my ELK stack using the private certificate:

Below I got the first step towards the enrolling:

Below I got the error from the agent trying to communicate:

So my final question is, does the Elastic Agent really work? Which steps should be taken for it to work?

Hello @francescouk,

I think you're getting caught up in some issues that are largely summarized here: https://github.com/elastic/kibana/issues/73483

In the meantime, did you see the follow-up in this post as well: "Elastic Agent not sending Data"? Have you been able to make sure that the CA cert is in the trusted roots store for the computer account on your endpoint?

-Nick Fritts

I did. I've done a full reinstall of the ELK stack, created the elastic self certificate and after adding the CA certificate to the root store, I could connect to Elasticsearch.

So far, what I've seen is that, even after adding the certificate, in the beginning Elasticsearch makes the connection, but after a while it complains about the connection, as displayed below:

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
        at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:312) ~[?:?]
        at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[?:?]
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:185) ~[?:?]
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:167) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:729) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:684) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:499) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:475) ~[?:?]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634) ~[?:?]

I did restart both elastic-agent and elastic endpoint. After the restart, the connection was restored, but not for long, as the image below can confirm:

Hi @francescouk

Is this still your current status? I saw your post that everything was working in the other thread and thought it was posted after this one.

Could you check the agent and endpoint log files and tell me if there's anything that stands out there? Are you getting data from either agent or endpoint in Elasticsearch?

@francescouk

I ran into the same issue, which can be duplicated pretty easily. Just something to poke at: can you see if you have both client and server auth in the enhanced key usage part of the certificate? With server only, the connection will not be established to Kibana but will to Elastic partly.
