I am installing the Fleet server in the on-premises environment.
It's all connected, so fleet server is completed with healthy.
Then, Elasticsearch is sending an warning called bad_certificate.
Is it because I sent http_ca.cert to the Fleet server? Or did I use the cert file wrong?
Please give us your opinion.
sudo ./elastic-agent install -f \
--url=https://192.0.2.1:8220 \
--fleet-server-es=https://192.0.2.0:9200 \
--fleet-server-service-token=<token> \
--fleet-server-es-ca=/path/to/elasticsearch-ca.crt \ # es http_ca.crt
--certificate-authorities=/path/to/ca.crt \ # ca.crt
--fleet-server-cert=/path/to/fleet-server.crt \ # fleet-server.crt
--fleet-server-cert-key=/path/to/fleet-server.key # fleet-server.key
[2023-01-13T15:44:21,574][WARN ][o.e.h.AbstractHttpServerTransport] [node-1] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/es:9200, remoteAddress=/fleet:39752}io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at io.netty.codec@4.1.77.Final/io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:480)
at io.netty.codec@4.1.77.Final/io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.transport@4.1.77.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.transport@4.1.77.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.transport@4.1.77.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)