Elastic Agents CA questions…

Balu · February 23, 2022, 10:32am

Hello peoples,

I have started playing with Fleet/Agents on our just upgraded 8.0 cluster and I am confused about how it works with the authoritative CA.

I have created my Elastic CA while installing the cluster using elasticsearch-certutil.

At the moment it seems I have to copy my elastic-stack-ca.crt file before installing an agent and use --certificate-authorities= to tell it to use that file.

Two questions that came to mind during that procedure:

Do I have to keep that file after installation (at that location) or does the agent copy it somewhere to use?
What are the settings "Elasticsearch CA trusted fingerprint" or "certificate_authorities" in the "Advanced YAML configuration" for if I still have to provide that file?

I have tried using --fleet-server-es-ca-trusted-fingerprint instead of providing the file, but that didn't seem to work.

Balu · February 25, 2022, 8:33pm

Ok, I have figured out one question myself.

I have to keep that file at that location or change the fleet.yml configuration:

rg -B1 elastic-stack-ca.crt  /opt/Elastic/Agent/
/opt/Elastic/Agent/fleet.yml
18-    certificate_authorities:
19:    - /home/user/elastic-stack-ca.crt

Remains the second question what "Elasticsearch CA trusted fingerprint" is for or how to use it?

system · March 25, 2022, 8:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fleet server installation issue with TLS and certificates Elastic Agent fleet	0	56	October 29, 2024
Fleet Settings - Elasticsearch output configuration (YAML) Beats fleet	3	712	February 17, 2022
How to get Fleet Agent to use CA Cert w/ Elasticsearch? Elasticsearch fleet	4	858	April 1, 2021
Certificate renewal and Fleet Elastic Agent fleet	5	444	January 5, 2024
Does the '--ca-sha256' command line option for Elastic Agent actually work? Elastic Agent fleet	2	282	February 19, 2024

Elastic Agents CA questions…

Related topics