I am running a self-managed Elastic Stack (8.x) on a private network and trying to deploy Fleet Server with production TLS certificates. I am facing certificate trust and agent enrollment issues.
Then I saw in the documentation that, “When you run Elastic Agent with the Elastic Defend integration, the TLS certificates used to connect to Fleet Server and Elasticsearch need to be generated using RSA.”
Environment
Infrastructure
- Proxmox VMs
- Ubuntu 24.04
- Private network 10.5.5.0/24
Nodes
- 10.5.5.4 – es-master-vote (Elasticsearch master)
- 10.5.5.5 – es-hot-1 (data)
- 10.5.5.6 – es-hot-2 (data)
- 10.5.5.7 – kibana-fleet (Kibana + Fleet Server)
Any guidance or best-practice examples for self-managed multi-node TLS + Fleet Server would be appreciated.
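
A way to check a Fleet Server certificate against the RSA requirement quoted in the post, as an added example that is not part of the original post or of Elastic's documentation: it builds a throwaway CA with OpenSSL, issues one RSA and one ECDSA certificate for kibana-fleet (10.5.5.7), and reports which one passes. The file names, the `lab-ca` name, the SAN choice and reading "generated using RSA" as "the certificate carries an RSA public key" are assumptions.

```shell
# Constructed lab example: throwaway CA plus two Fleet Server certificates
# (one RSA, one ECDSA). File names and the "lab-ca" CN are assumptions.
WORK="$(mktemp -d)"

make_ca() {
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = lab-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$WORK/ca.key" -days 30 -config "$WORK/ca.cnf" -out "$WORK/ca.crt"
}

issue_cert() {  # $1 = output name, $2 = key type (rsa|ec)
  if [ "$2" = rsa ]; then
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
  else
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key"
  fi
  openssl req -new -key "$WORK/$1.key" -subj "/CN=kibana-fleet" \
    -config "$WORK/ca.cnf" -out "$WORK/$1.csr"
  # SANs for the Fleet Server host named in the post.
  printf 'subjectAltName=DNS:kibana-fleet,IP:10.5.5.7\n' > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

key_alg() {  # prints the public key algorithm, e.g. rsaEncryption or id-ecPublicKey
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1
}

fleet_cert_ok() {  # $1 = cert, $2 = CA cert, $3 = IP that agents connect to
  # Assumption: "generated using RSA" is checked as "public key is RSA".
  [ "$(key_alg "$1")" = rsaEncryption ] || { echo "FAIL: key is $(key_alg "$1")"; return 1; }
  openssl x509 -in "$1" -noout -text | grep -qFw "IP Address:$3" || { echo "FAIL: no IP SAN for $3"; return 1; }
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo "FAIL: not signed by CA"; return 1; }
  echo OK
}

make_ca && issue_cert fleet-rsa rsa && issue_cert fleet-ec ec
for c in fleet-rsa fleet-ec; do
  echo "$c: $(fleet_cert_ok "$WORK/$c.crt" "$WORK/ca.crt" 10.5.5.7)"
done
```

The same `fleet_cert_ok` check can be pointed at an existing certificate and CA file before enrolling agents.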