Skip to content

Commit

Permalink
doc(ext/fleet): Add instruction for setting CA fingerprint
Browse files Browse the repository at this point in the history
Fixes #799
  • Loading branch information
antoineco committed Sep 18, 2024
1 parent 1bd5a88 commit ab61480
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions extensions/fleet/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,25 @@ The Fleet Server exposes the TCP port `8220` for Agent to Server communications.

## Usage

### CA Certificate Fingerprint

Before starting Fleet Server, take note of the CA certificate's SHA256 fingerprint printed by the `docker compose up
tls` command (it is safe to run it multiple times), and use it as the value of the commented `ca_trusted_fingerprint`
setting inside the [`kibana/config/kibana.yml`][config-kbn] file.

The fingerprint appears on a line similar to the one below, in the output of the aforementioned command:

```none
⠿ SHA256 fingerprint: 846637d1bb82209640d31b79869a370c8e47c2dc15c7eafd4f3d615e51e3d503
```

This fingerprint is required for Fleet Server (and other Elastic Agents) to be able to verify the authenticity of the CA
certificate presented by Elasticsearch during TLS handshakes.

Restart Kibana with `docker compose restart kibana` if it is already running.

### Startup

To include Fleet Server in the stack, run Docker Compose from the root of the repository with an additional command line
argument referencing the `fleet-compose.yml` file:

Expand Down

0 comments on commit ab61480

Please sign in to comment.