Hi All,
Please have some patience with me cause i ll give as much details.
I have my ELK stack (elastic, kibana, logstash) on same local server (192.168.0.2) and im trying to install Fleet server on another host (192.168.0.3) but i'm getting this error:
{"log.level":"info","@timestamp":"2022-08-25T09:36:24.534Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Error - x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"Elastic Certificate Tool Autogenerated CA\")","ecs.version":"1.6.0"}
Error: fleet-server failed: context canceled
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.3/fleet-troubleshooting.html
Error: enroll command failed with exit code: 1
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.3/fleet-troubleshooting.html
This is my elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/all-elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/all-elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/etc/elasticsearch/http.p12"
#-------------------------------Fleet------------------------------------
xpack.security.authc.api_key.enabled: true
I've followed this documentation to create the certs:
Here the steps in details
openssl pkcs12 -in all-elastic-certificates.p12 -out elasticsearch-ca.crt -clcerts -nokeys
openssl pkcs12 -in all-elastic-certificates.p12 -out elasticsearch-ca.key -nocerts -nodes
./bin/elasticsearch-certutil ca --pem
I've got fleet-ca.crt
and fleet-ca.key
The i've run this:
sudo ./bin/elasticsearch-certutil cert \
--name fleet-server \
--ca-cert fleet-ca/fleet-ca.crt \
--ca-key fleet-ca/fleet-ca.key \
--dns localhost,node-1 \
--ip 0.0.0.0,192.168.0.2,192.168.0.3,127.0.0.1,::1 \
--pem
This gave me fleet-server.crt
and fleet-server.key
added the elasticsearch-ca.crt
into the fleet settings
Finally This is the installation code I run on fleet server
sudo ./elastic-agent install \
--url=https://192.168.0.3:8220 \
--fleet-server-es=https://192.168.0.2:9200 \
--fleet-server-service-token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
--fleet-server-policy=XXXXXXXXX-8d2d-cddeef5ffe8c \
--certificate-authorities=/etc/certs/elasticsearch-ca.crt \
--fleet-server-es-ca=/etc/certs/fleet-ca.crt \
--fleet-server-cert=/etc/certs/fleet-server.crt \
--fleet-server-cert-key=/etc/certs/fleet-server.key
Is there anything wrong from my side? Please help im stuck in this since 3 days!