I'm a little confused. I tried to learn from many tutorials on Fleet Server / Agent, but I don't know how I can create my own certificate to deploy in production.
I tried to learn the ELK tutorial, but I think I made a mistake.
My error message is: x509: certificate signed by unknown authority
It appears it's not recommended to use --insecure mode in production, which is why I need your help.
But when I want to enroll my agent with the command from "add host" in the Fleet configuration, on another host, the command below stops with the error: x509: certificate signed by unknown authority
Apologies, I am unclear what "add host" means. So this is about installing a non-Fleet / regular agent?
I think you can copy the CA to the host where the agent is and then use this. I am not sure if that is the Fleet CA or the Elasticsearch CA; you could try both.
elastic-agent install --url <string>
  --enrollment-token <string>
  [--ca-sha256 <string>]  <--- This or Below
  [--certificate-authorities <string>]  <--- THIS I Think, but this is the CA
  [--delay-enroll]
  [--force]
  [--non-interactive]
  [--help]
  [--insecure]
  [--tag <string>]
  [global-flags]
I added my Fleet Server with the quick start parameters.
My first try => I put in my information: Name and https://MYIP:8220
Generate Fleet Server policy
and install "fleet server to a centralized host"
But when I install, I see: "message":"Generating self-signed certificate for Fleet Server"
And when I want to enroll an agent into Fleet: Error: fail to enroll: fail to execute request to fleet-server: x509: certificate signed by unknown authority
For help, please see our troubleshooting guide at Troubleshoot common problems | Fleet and Elastic Agent Guide [8.6] | Elastic
Second try => After that, I created my own certificates and ran the command I showed you before to install my Fleet Server.
But when I try to enroll a new agent in Fleet with my own certificates, the error is the same.
So when you enroll the actual agent, are you using this?
And are you including BOTH the Elasticsearch CA and the Fleet CA?
Otherwise I think you are going to need to use --insecure.
Unless you use Official / Non-Self Managed Certs... perhaps I can try this myself in the next couple of days...
elastic-agent install --url <string>
  --enrollment-token <string>
  [--ca-sha256 <string>]  <--- This or Below
  [--certificate-authorities <string>]  <--- THIS I Think, but this is the CA
  [--delay-enroll]
  [--force]
  [--non-interactive]
  [--help]
  [--insecure]
  [--tag <string>]
  [global-flags]
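
The x509 error in this thread means the enrolling host cannot chain the Fleet Server certificate to a CA it trusts. As an added example (not from any post above; the CA names, the host fleet.example.internal and the 192.0.2.x addresses are constructed placeholders), this script issues a server certificate from a private CA and uses openssl to confirm that it validates only against that CA file, the kind of file --certificate-authorities points at, and that its SAN covers the address used in --url.

```bash
#!/usr/bin/env bash
# Added example: all names, hosts and IPs below are constructed placeholders.
set -u
WORK=$(mktemp -d)

# make_ca <basename> <common-name>: self-signed CA certificate and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_server_cert <ca-basename> <dns-name> <ip>: server cert signed by that CA,
# with both the DNS name and the IP in subjectAltName.
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/fleet.key" -out "$WORK/fleet.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s,IP:%s\n' "$2" "$3" > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/fleet.csr" -days 30 -extfile "$WORK/san.ext" \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/fleet.crt" 2>/dev/null
}

# chains_to <ca-file>: succeeds only if fleet.crt validates against that CA file.
chains_to() {
  openssl verify -CAfile "$1" "$WORK/fleet.crt" >/dev/null 2>&1
}

# san_covers_ip <ip>: succeeds only if the certificate is valid for that IP.
san_covers_ip() {
  openssl x509 -in "$WORK/fleet.crt" -noout -checkip "$1" | grep -q 'does match'
}

make_ca ca "Example Fleet CA"
make_ca other "Unrelated CA"
make_server_cert ca fleet.example.internal 192.0.2.10

chains_to "$WORK/ca.crt"    && echo "issuing CA: certificate verifies"
chains_to "$WORK/other.crt" || echo "other CA: unknown authority"
san_covers_ip 192.0.2.10    && echo "SAN covers 192.0.2.10"
san_covers_ip 192.0.2.99    || echo "SAN does not cover 192.0.2.99"
```

Running the same two checks against the real Fleet Server certificate and the CA file copied to the agent host shows, before enrollment, whether the trust chain or the address in the URL is the part that fails.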