If Elasticsearch is using a self-signed cert, then the Elastic Agents need that CA or trusted fingerprint because Agents send data directly to Elasticsearch.
To encrypt traffic between Elastic Agents, Fleet Server, and Elasticsearch:
Configure Fleet settings. These settings are applied to all Fleet-managed Elastic Agents.
In Kibana, open the main menu, then click Management > Fleet > Settings.
Under Fleet Server hosts, specify the URLs Elastic Agents will use to connect to Fleet Server. For example, https://192.0.2.1:8220, where 192.0.2.1 is the host IP where you will install Fleet Server.
For host settings, use the https protocol. DNS-based names are also allowed.
Under Outputs, search for the default output, then click the Edit icon in the Action column.
In the Hosts field, specify the Elasticsearch URLs where Elastic Agents will send data. For example, https://192.0.2.0:9200.
Specify either a CA certificate or CA fingerprint to connect securely to Elasticsearch:
If you have a valid HEX encoded SHA-256 CA trusted fingerprint from root CA, specify it in the Elasticsearch CA trusted fingerprint field. To learn more, refer to the Elasticsearch security documentation.
Otherwise, under Advanced YAML configuration, set ssl.certificate_authorities and specify the CA certificate to use to connect to Elasticsearch. You can specify a list of file paths (if the files are available), or embed a certificate directly in the YAML configuration. If you specify file paths, the certificates must be available on the hosts running the Elastic Agents.
File path example:
Hello Stephen,
Thanks for the reply.
I did this; I used the trusted fingerprint.
With tcpdump I see that the agent sends data to `v-elkmaster01.sys.u-bordeaux.fr`
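For the trusted-fingerprint setting discussed in this thread, the following is an added example (not from the thread or from Elastic) that checks which certificate in a PEM bundle a configured fingerprint actually pins, so a leaf-certificate fingerprint pasted in place of the CA's is easy to spot. The function names are hypothetical, the sample "certificates" are constructed placeholder bytes, and it assumes the field expects plain hex, so the colons that `openssl x509 -fingerprint` prints are stripped.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)

def normalize_fingerprint(value):
    """Return the value as 64 uppercase hex characters, or raise ValueError."""
    cleaned = re.sub(r"[\s:]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", cleaned):
        raise ValueError("not a hex-encoded SHA-256 fingerprint")
    return cleaned

def bundle_fingerprints(pem_text):
    """SHA-256 over the DER bytes of every certificate in a PEM bundle, in order."""
    return [
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest().upper()
        for block in PEM_BLOCK.findall(pem_text)
    ]

def matching_index(configured, pem_text):
    """Index of the bundle certificate the configured value pins, or None."""
    wanted = normalize_fingerprint(configured)
    for index, fingerprint in enumerate(bundle_fingerprints(pem_text)):
        if fingerprint == wanted:
            return index
    return None

def to_pem(der):
    """Wrap DER bytes in PEM armor (helper used to build the sample bundle)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed placeholder bytes standing in for real DER certificates.
SAMPLE_LEAF_DER = b"constructed placeholder: node (leaf) certificate"
SAMPLE_CA_DER = b"constructed placeholder: root CA certificate"
# Typical chain order: leaf first, issuing CA last.
SAMPLE_BUNDLE = to_pem(SAMPLE_LEAF_DER) + to_pem(SAMPLE_CA_DER)

if __name__ == "__main__":
    pinned = hashlib.sha256(SAMPLE_CA_DER).hexdigest()
    print("configured value matches bundle entry", matching_index(pinned, SAMPLE_BUNDLE))
```

With a real deployment, pass the text of the CA PEM file and the value from the Fleet output settings; a match on the leaf entry rather than the CA entry means the wrong certificate was fingerprinted.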