Fleet Server - Certificate Issues


When i try to register Fleet Server using a certificate, it is getting successfully registered. But the problem is, it is throwing "Generating self-signed certificate for Fleet Server" after executing the command as shown below. This might be the reason when i try to register an VM to this Fleet Server using the certifictae i' am getting an exception "x509 certificate signed by unknown authority".

So trying to see if the root cause of the issue is "my fleet server" is not configured properly using CA certificate. Please help.

sudo ./elastic-agent install -f --url=https://XX1prdelkfleet01:8220 \
>  --fleet-server-es=https://mo1prdelkmstr01:9200 \
>  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NDU0MzU3NTMwMjY6RmduZUU1RGNTeHlEb2lKVHdEVjRRZw \
>   --fleet-server-policy=9de5f020-8e76-11ec-9794-bf083a8b07e7 \
>   --certificate-authorities= /etc/ssl/certs/elkprd.crt \
>   --fleet-server-es-ca= /tmp/elkprd.crt \
>   --fleet-server-cert=  /tmp/elkprd.crt \
>   --fleet-server-cert-key= /tmp/elkprd.key
2022-02-21T06:34:43.470-0500	INFO	cmd/enroll_cmd.go:354	Generating self-signed certificate for Fleet Server
2022-02-21T06:34:45.887-0500	INFO	cmd/enroll_cmd.go:701	Fleet Server - Starting
2022-02-21T06:34:46.888-0500	INFO	cmd/enroll_cmd.go:682	Fleet Server - Running on policy with Fleet Server integration: 9de5f020-8e76-11ec-9794-bf083a8b07e7; missing config fleet.agent.id (expected during bootstrap process)
2022-02-21T06:34:47.692-0500	INFO	cmd/enroll_cmd.go:414	Starting enrollment to URL: https://mo1prdelkfleet01:8220/
2022-02-21T06:34:48.482-0500	INFO	cmd/enroll_cmd.go:252	Successfully triggered restart on running Elastic Agent.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.