I get the following error trying to start Fleet server after installing it on my Logstash node:
Fleet Server - Error - x509: certificate signed by unknown authority","ecs.version":"1.6.0"
I'm attempting to use the self-signed certs, but what is the standard process for using SSL self-signed certs AND the similar instructions if we want to use public/commercial SSL certs? I've tried to follow the basic guidelines, but a lot of those seem to be lacking as far as specific steps to generate, configure/use & renew SSL certs. One Elastic.co staffer even recently posted that he agrees that, especially, the info on how best to use the self-signed certs needs more documentation.
I was able to figure out how to produce and reference the "[server].key" file & ["server-plus-chain"].crt file in kibana.yml & point those items to my SSL-provider-generated key & cert+chain.
So, how do I do similar for Fleet server? I'm trying to use the included or self-generated certs, but I have a sort of "split setup." With that, here's the basic setup:
- 1 x Kibana/UI node, with a public ".com" SSL cert - example: "https://elk.myco.com:5601" -- also accessible internal-only, but nice to have that "browser-lock-Your-connection-is-secure" notice, and SSL securing the browser to Kibana connection; works fine.
- 1 x Logstash node, which I think I've got communicating internally okay over TLS and/or using "basic authentication," since I was able to pipe some "test" log indices & entries into the Elasticsearch nodes.
- 1 x Fleet server - attempting to install it on the Logstash node; all of our stuff is internal-only, so no need really for external/public access or SSL certs (except Kibana).
  If I recall, during install from the Kibana UI, the Fleet integration section asks for an Elasticsearch node (I have 3, but had to choose 1; not sure that you can choose more than one). And there are some docs mentioning to "copy the self-signed certs from the Elastic cluster to the other nodes, such as Fleet & Logstash;" but then there's the matter of making those self-signed certs "trusted" - something about placing the certs in the right location and "re-loading" the CA module in the OS, so that it loads the self-signed certs into its cache, i.e. "elastic-ca.pem"? (or whatever CA is for your cluster).
- 3 x Elasticsearch nodes - all seem to be running fine & using internal TLS.
So, in general, the Logstash node can talk to and send data to the Elastic nodes, but Fleet has yet to start cleanly. Since I have a separate Logstash/Fleet node (these both live on the same server), do I also need to generate an internal cert 'from' the Logstash node & reference that? What am I missing? Thanks in advance for any help; and please let me know what else you may need from me, in order to pinpoint the issue.