Fleet-Server Certificate issue

Hi Community,

xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/elk.key
xpack.security.http.ssl.certificate: certs/elk.cer
xpack.security.http.ssl.certificate_authorities: certs/rootCA.cer

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

I created the rootCA.cer certificate using openssl for testing purposes.

  1. Generate certificates for fleet-server
    bin/elasticsearch-certutil cert --name fleet-server --ca-cert rootCA.crt --ca-key rootCA.key --ip 139.59.2.1 --pem
  2. Run elastic-agent command to install fleet
    ./elastic-agent install --url=https://139.59.2.1:8220 \
    --fleet-server-es=https://139.59.2.1:9200 \
    --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2Nzk5MzAyNTI0NTA6Y25wbVk1TnVUc3FGTE5GNUhGYjFSZw \
    --fleet-server-policy=fleet-server-policy \
    --certificate-authorities=/usr/share/elasticsearch/rootCA.crt \
    --fleet-server-es-ca=/usr/share/elasticsearch/rootCA.crt \
    --fleet-server-cert=/usr/share/elasticsearch/fleet-server/fleet-server.crt \
    --fleet-server-cert-key=/usr/share/elasticsearch/fleet-server/fleet-server.key

I am getting this error:

{"log.level":"info","@timestamp":"2023-03-27T20:48:28.669+0530","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":803},"message":"Fleet Server - Error - x509: cannot validate certificate for 139.59.2.1 because it doesn't contain any IP SANs","ecs.version":"1.6.0"}

Commands for generating the self-signed CA:

openssl genrsa -des3 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

Can anyone help me out, please?

Can anyone help me?

Hello @Aniket_Pant,

Could you specify what version of the stack you are running?

I am using version 8.2.

Did you follow the steps in "Configure SSL/TLS for self-managed Fleet Servers" (Fleet and Elastic Agent Guide [8.2], Elastic) to generate the certs?

Okay, I will follow these steps and let you know.
