Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add note about elliptic-curve restriction #1350

Merged
merged 2 commits into from
Oct 1, 2024
Merged

Add note about elliptic-curve restriction #1350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2dd8f69
Add note about elliptic-curve restriction
kilfoyle Sep 26, 2024
328648f
Update note and include for both TLS and mTLS
kilfoyle Sep 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/en/ingest-management/security/certificates.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ openssl pkcs12 -in path.p12 -out private.key -nocerts -nodes
Key passwords are not currently supported.
====

IMPORTANT: When you run {agent} with the {elastic-defend} integration, the link:https://en.wikipedia.org/wiki/X.509[TLS certificates] used to connect to {fleet-server} and {es} need to be generated using link:https://en.wikipedia.org/wiki/RSA_(cryptosystem)[RSA]. For a full list of available algorithms to use when configuring TLS or mTLS, see <<elastic-agent-ssl-configuration,Configure SSL/TLS for standalone {agents}>>. These settings are available for both standalone and {fleet}-managed {agent}.

[discrete]
[[generate-fleet-server-certs]]
== Generate a custom certificate and private key for {fleet-server}
Expand Down
2 changes: 2 additions & 0 deletions docs/en/ingest-management/security/mutual-tls.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ When mTLS is required, the secure setup between {agent}, {fleet}, and {fleet-ser
.. If the {agent} policy contains mTLS configuration settings, those settings will take precedence over those used during enrollment: This includes both the mTLS settings used for connectivity between {agent} and {fleet-server} (and the {fleet} application in {kib}, for {fleet}-managed {agent}), and the settings used between {agent} and it's specified output.
.. If the {agent} policy does not contain any TLS, mTLS, or proxy configuration settings, these settings will remain as they were specified when {agent} enrolled. Note that the initial TLS, mTLS, or proxy configuration settings can not be removed through the {agent} policy; they can only be updated.
IMPORTANT: When you run {agent} with the {elastic-defend} integration, the link:https://en.wikipedia.org/wiki/X.509[TLS certificates] used to connect to {fleet-server} and {es} need to be generated using link:https://en.wikipedia.org/wiki/RSA_(cryptosystem)[RSA]. For a full list of available algorithms to use when configuring TLS or mTLS, see <<elastic-agent-ssl-configuration,Configure SSL/TLS for standalone {agents}>>. These settings are available for both standalone and {fleet}-managed {agent}.
[discrete]
[[mutual-tls-on-premise]]
== On-premise deployments
Expand Down