X509 Certificate Error for Fleet Enrollment

Hello friends, I need some help setting up Fleet enrollment for my clients on Windows systems. I am having an issue with the EDR portion of the SIEM build.

Any help would be nice. I have the cert, but no connection.

The Elastic Agent is currently in BETA and should not be used in production

Error: fail to enroll: fail to execute request to Kibana: Post "https://172.16.100.10:5601/api/fleet/agents/enroll?": x509: cannot validate certificate for 172.16.100.10 because it doesn't contain any IP SANs
Error: enroll command failed with exit code: 1

The certificate you are using in Kibana cannot be trusted by Agent because it isn't valid for the 172.16.100.10 IP address (or any IP address).

It may be as simple as configuring Fleet to use a different URL to access Kibana, or it may require generating a new certificate for Kibana.

Is there a way to generate that certificate with that information added to it? I am looking for a command to generate that certificate.

Hi Ronnie,
You can do that with this command:

'sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert -name "server.name.here" --ip 172.16.100.10 --dns server.name.here --pem'

This will create a certificate bundle zip file in the '/usr/share/elasticsearch/' folder.
The zip file will contain a .crt and a .key file that should solve your issue.

Thanks, blessings to ya.
