Fleet Server Settings Elasticsearch CA Fingerprint Rejected

I tried entering the base64 encoded Fingerprint of the CA certificate in the Output section of Fleet settings, but I get the error below -

The string is most definitely base64 encoded. What can I do to get past this issue?

How did you get that value ? Is it actually the SHA256 fingerprint of a CA certificate ?

I used openssl x509 -fingerprint -sha256 -in ca.crt to get the fingerprint and then converted it to base64 (as required in the error message)

Hi @ddth_2022

Looks like we have a bug in the client validation of this form, I filled this issue on our side and this should be fixed in an upcoming version [Fleet] Output CATrustedFingerPrint validation client side is broken · Issue #125661 · elastic/kibana · GitHub

In the mean time to unlock you, you can edit this settings via the API

curl --request PUT \
  --url https://{KIBANA_HOST}/api/fleet/outputs/fleet-default-output  \
  --header 'kbn-xsrf: xxxx' \
  --data '{
	"name": "default",
	"type": "elasticsearch",
	"hosts": [
	"is_default": true,
	"is_default_monitoring": true,
	"config_yaml": "#test",
	"ca_trusted_fingerprint": "yourfingerprint"
1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.