X509 Certificate Error for Fleet Enrollment

Hello friends, I am needing some help with setting up the fleet enrollment for my clients on windows systems. Am having an issue with this EDR portion of the SIEM build.

Any help would be nice, I have the cert, but not connection.

The Elastic Agent is currently in BETA and should not be used in production

Error: fail to enroll: fail to execute request to Kibana: Post "https://172.16.100.10:5601/api/fleet/agents/enroll?": x509: cannot validate certificate for 172.16.100.10 because it doesn't contain any IP SANs
Error: enroll command failed with exit code: 1

The certificate you are using in Kibana cannot be trusted by Agent because it isn't valid for the 172.16.100.10 IP address (or any IP address).

It may be as simple as configuring Fleet to use a different URL to access Kibana, or it may require generating a new certificate for Kibana.

Is there a way to generate that certificate to add that information into It? Am looking for a command to generate that certificate.

Hi Ronnie,
You can do that with this command:

'sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert -name "server.name.here" --ip 172.16.100.10 --dns server.name.here --pem'

This will create a certificate bundle zip file in the '/usr/share/elasticsearch/' folder.
The zip file will contain a .crt and a .key file that should solve your issue.

Thanks, blessings to ya.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.