Elastic defend certificate error on windows when connecting to ES

Elastic agent is working and was registered with ca.crt file path on Windows 2019 server.
Elastic defend integration failed to connect to ES with this message: "Elasticsearch connection failure"

Looking at the logs gives me a more precise issue:

elastic_agent.endpoint_security
[elastic_agent.endpoint_security][error] Http.cpp:327 CURL error 60: Error [SSL: no alternative certificate subject name matches target host name '192.168.1.111']

certificate config in elastic-endpoint.yaml is weird with blank lines:

How can I disable this check? Thanks for your help.

Hi @pushou

This is happening because the hostname in the certificate being used to secure the connection is not the hostname for the connection (192.168.1.111). Are there other integrations also being used on this host that are working?

Regardless, if all you want to do is remove that hostname check, you can go to Fleet -> Settings then find the Output in use by the affected host(s) (by default it's default). Click the edit icon under the Actions column for it and you'll see a fly out appear on the right hand side of the page. In the "Advanced YAML configuration" textbox add the below YAML and then click the "Save and apply setting" button. This will cause all integrations on all hosts writing to Elasticsearch using that Output configuration to disable that hostname check.

ssl:
  verification_mode: certificate

As an aside, full is the default verification mode and none disables all SSL verifications (but still uses SSL).
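
The hostname check behind CURL error 60 and the effect of each verification_mode, as an added example that is not part of the original thread or Elastic's own code: it models the check on a constructed certificate dict in the shape Python's `ssl` `getpeercert()` returns. The DNS names and the helper names (`host_matches`, `connection_allowed`, `missing_san`) are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the DNS names are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "es01.example.internal"),),),
    "subjectAltName": (("DNS", "es01.example.internal"), ("DNS", "*.es.example.internal")),
}

def _dns_match(pattern, host):
    """Match one DNS SAN entry; '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches(cert, host):
    """True if host is covered by a SAN entry of the right type."""
    sans = cert.get("subjectAltName", ())
    try:
        target = ipaddress.ip_address(host)
    except ValueError:
        return any(t == "DNS" and _dns_match(v, host) for t, v in sans)
    # An IP target is compared only with 'IP Address' entries, never DNS names.
    return any(t == "IP Address" and ipaddress.ip_address(v.strip()) == target for t, v in sans)

def connection_allowed(mode, chain_trusted, cert, host):
    """Model the three verification modes named in the thread."""
    if mode == "none":         # no verification at all, traffic is still encrypted
        return True
    if mode == "certificate":  # chain must be trusted, hostname is not checked
        return chain_trusted
    if mode == "full":         # default: trusted chain and matching hostname
        return chain_trusted and host_matches(cert, host)
    raise ValueError(f"unknown verification_mode: {mode}")

def missing_san(cert, host):
    """Return the SAN entry to add to the certificate, or None if already covered."""
    if host_matches(cert, host):
        return None
    try:
        ipaddress.ip_address(host)
        return ("IP Address", host)
    except ValueError:
        return ("DNS", host)
```

Reissuing the certificate with the entry that `missing_san` reports lets the connection pass with `full` verification left on.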

Thanks for your answer ferullo, I edited "Edit Elastic Defend integration" and set in advanced settings "windows.advanced.elasticsearch.tls.verify_hostname" to false. Defend became "green" :grinning:
