Filebeat ERROR x509: certificate signed by unknown authority

thank you for your help

1 Like

Personally I install the CA certificate as trusted root authority on the OS itself.

That solved all the CA certificate issues and makes the configuration of the stack much easier as I don't need to provide the certificate to each service separately.

Another hint: If you run the Elastic-Agent within a docker container, it is totally irrelevant what environment variable you use to configure the trusted CA certificate. Initially I provided all of them and the agent still complain about the untrusted certificate. That went away as I built my own image with the CA certificate added to the OS's trust store.

Thank you litronics

The problem is it is not my server and I can't do what ever I want on Customer host

It is production server and I don't want to make smth bad on it.

Thank you for your answer though

I don't know your infrastructure and how this integrates into your Customer netowrk hosts.

However providing SSL/TLS certificates or distributing a additional root CA certificate shouldn't be rocketsience nowadays.

Problably you can ask your customer to distribute den certificate to his servers?
Or if he is running his own PKI, ask him to sign the required certificates with his CA and import his root certificate into the ELK stack services?


For the moment I'm working on testing environment and will play with certificates

It will be important if client will decide to use ELK

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.