How to get Fleet Agent to use CA Cert w/ Elasticsearch?

I'm trying to get logs sent to my Elasticsearch instance w/ Elastic Cloud Enterprise (Self Hosted), and i'm seeing the following error in the logs:

{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243)): Get "https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243": x509: certificate signed by unknown authority","ecs.version":"1.6.0"}

I'm using a self signed ca certificate that's generated by Elastic Cloud Enterprise, and i've configured my output in Fleet to the following:

outputs:
  default:
    type: elasticsearch
    ssl.certificate_authorities:
      - 'C:\Users\Administrator\Documents\elastic-agent\ca.crt'
    hosts:
      - 'https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243'
    username: elastic
    password: password

I installed the Elastic Agent on Windows with the following command:

.\elastic-agent.exe install -f --kibana-url=https://MY_ELASTIC_CLOUD_ENTERPRISE.ip.es.io:9243 --enrollment-token=LTM1LV9IY0JBQlBjZWtDalcwZ2Y6WDV5S0QtM0xRaXlMT05tcmtpWFNwQQ== --certificate-authorities C:\Users\Administrator\Documents\elastic-agent\ca.crt

^ I was able to install/enroll just fine.. and the Kibana checkin is working as well.

The only issue i'm having is with my elasticsearch requests... and it's saying that my certificate is signed by an unknown authority.

I've even installed the CA Cert at the OS level:
image
^ You can see the locked icon indicating that it's a valid connection.

Is there a bug with the Fleet Agent right now in terms of ElasticSearch? Because it seems like the Kibana side is working just fine.

Anyone know what the issue is?

Note: I don't want to use the --insecure parameter.. id rather get this actually working with the CA cert.

You can specify custom option for the elasticsearch output in the setting panel

For example you can use ssl.certificate_authorities: ["/localpath/ca.pem"]

Hey @nchaulet yes I already have done that!

There's nothing even in the logs indicating that it's even looking for the CA cert file. I tried renaming the the ssl.certificate_authorities field to a file that doesn't exist.. and it doesn't show in the log that it wasn't found.

@nchaulet figured it out :slight_smile: I was formatting the output configuration wrong in the UI... it should be like this (without the outputs, and default):

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.