Hi ,
When I deleted agents for endpoint , I want to re-add agent to endpoint but not work , even I reinstall fleet server or any hosts to security --> manage --> Endpoint.
references:
Please help , thanks!
Installed endpoint defend , it's keep saying communicating with endpoint service , seen not work.
Add more logs
17:54:50.673
elastic_agent.endpoint_security
[elastic_agent.endpoint_security][error] Http.cpp:327 CURL error 60: SSL peer certificate or SSH remote key was not OK [SSL: no alternative certificate subject name matches target host name '172.16.xx.xx']
17:54:50.674
elastic_agent.endpoint_security
[elastic_agent.endpoint_security][notice] BulkQueueConsumer.cpp:93 Elasticsearch connection is down
Hello,
Are you using Elastic cloud or having a self hosted solution?
I assume it's Elastic cloud. However I'm confused about the CURL error. I don't think it's normal to see IP address as certificate subject name in Elastic cloud. Maybe DNS is not working correctly?
Could you confirm if I understand correctly the situation:
Hi Lesio ,
No. I am using self hosted with docker container.
In Fleet , I changed the IP address to my VM from docker IP like (172.18.0.2 Docker) -> (172.16.xx.xx) .
Because the agent always recongized the docker IP address , but it's work for Endpoint , When I changed the docker IP address and agent can sent out data to fleet , but it's not work for endpoint , I guess the http cert not same as docker IP address?
I have no experience with self hosting. I guess you should re-do the certificate setup after changing the IP address.
Elastic Agent installs/uninstalls Elastic Endpoint providing the appropriate config file for Endpoint, so ultimately the config have to be fixed at Fleet/Agent side but we can use Endpoint to narrow down what's wrong:
Could you issue the command:
sudo /opt/Elastic/Endpoint/elastic-endpoint test output
It will print the status of all connections required by Endpoint giving meaningful hint what to fix. First of all check carefully if the printed connections makes sense after the changes in your environment, i.e. do the IP addresses or URLs point where they should.
Hi @lesio
Here is some result of endpoint response
Understand the ES server cannot be trust by endpoint , What do I do?
I should generate Cert for ES or Cert for Fleet Server?
Is it possible to skip the SSL for now?
Hi @lesio
Final I generated the P12 key but I never used this.
elastic-certificates.p12 elastic-stack-ca.p12 http.p12 http_ca.crt transport.p12
As your command return of result
sudo /opt/Elastic/Endpoint/elastic-endpoint test output
I've carefully check the elastic defend advanced settings.
I observed the linux setting , because we using linux for this endpoint. I checked the setting how to un-check the SSL? however , there is setting for this.
Run the command again
Elasticsearch server: https://172.16.88.70:9200
Status: Success
It's worked , the hint is SSL: no alternative certificate subject name match es target host name.
So I guess the IP address changed and didn't match the docker ES certificate.
If I want to fixed it that have to re-generate certificate for ES and import the elasticsearch.yml and change the output CA fingerprint.
Here is the final result:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
