[Fleet] Add ES certificate authority fingerprint argument to Fleet Server install command #116620
Closed
1 of 2 tasks
Assignees
Labels
required-for-8.0
This work is required to be done before 8.0 lands, bc it relates to a breaking change or similar.
Team:Fleet
Team label for Observability Data Collection Fleet team
v8.0.0
Comments
joshdover
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
jkakavas
added this to Backlog/In design
in Security On by Default Implementation Tracking
joshdover
changed the title
joshdover
changed the title
joshdover
changed the title
joshdover
changed the title
joshdover
added
the
required-for-8.0
This was referenced Dec 6, 2021
Security On by Default Implementation Tracking
automation
moved this from Backlog/In design
to Completed
Dec 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to support the new 'security on by default' configuration, we need to ensure that Fleet Server and Elastic Agent will trust self-signed certificates generated by Elasticsearch 8.0. To do this, the Fleet UI should add a sha256 fingerprint of the Elasticsearch's certificate authority to the
./elastic-agent installcommands provided to users in the UI.The fingerprint should be retrieved from the Fleet Server policy's output's
ca_trusted_fingerprintproperty which will be populated automatically during Kibana setup in #120120Depends on
ca_sha256to default Elasticsearch output in Fleet during setup for security on by default #120120This should be populated as a
--fleet-server-es-ca-trusted-fingerprint=<fingerprint>flag.The text was updated successfully, but these errors were encountered: