Fleet enrolement okay, but checkin fails

Hi there,
I have ES 7.9.3 running on an Ubuntu server, xpack security is enabled and working using self generated certs on the ES node.

Fleet agent enrolement for a windows 10 host initially failed with an "x509: certificate signed by unknown authority" error, but adding the ES node self generated ca.crt file to the Windows trusted root certificate store fixed that problem. Kibana now shows the status as 'enrolling'...
Then I ran the install powershell script and that completed succesfully - the service is running.

I now have errors in the elastic-agent log file which record a failure to checkin to Fleet, again with a "x509: certificate signed by unknown authority" error.
I've added the node certificate to the Win 10 certificate store, the ca certificate is already present, so I'm not sure what is missing - I would have thought if the elastic agent could enroll succesfully, then it should also be able to check in.

Any help or pointers to solve this gratefully received!

Kind regards,

I believe the 7.9 version of Fleet doesn't support custom certificates. This is on our near term roadmap.

1 Like