From ec08cac51a047e82e5910c7004d0884de6b2197c Mon Sep 17 00:00:00 2001 From: wajihaparvez Date: Fri, 28 Nov 2025 17:04:47 -0500 Subject: [PATCH 1/2] Update AutoOps for self-managed custom cert page --- .../autoops-sm-custom-certification.md | 40 ++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md b/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md index 14bae85dda..70897a621f 100644 --- a/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md +++ b/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md @@ -20,6 +20,10 @@ products: This error occurs because the machine where you have installed {{agent}} does not trust your custom or internal CA. To fix this error, follow the steps on this page to configure the agent with your custom SSL certificate. +:::{note} +These instructions only apply to environments where [AutoOps {{agent}} is installed using Linux](/deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md#install-agent). +::: + ## Add custom certificate path to the `elastic-agent.yml` file To configure {{agent}} with your custom SSL certificate, add the path to your certificate to the [`elastic-agent.yml`](/reference/fleet/configure-standalone-elastic-agents.md) policy file on the host machine where the agent is installed. @@ -46,6 +50,40 @@ Complete the following steps: - ${env:AUTOOPS_CA_CERT} ``` After adding this line to both modules, make sure the` AUTOOPS_CA_CERT` environment variable is set on the host machine and contains the full path to your certificate file (for example: `/etc/ssl/certs/my_internal_ca.crt`). + + The following codeblock shows what your final configuration should look like when you use the environment variable method. + + ```yaml + receivers: + metricbeatreceiver: + metricbeat: + modules: + # Metrics + - module: autoops_es + hosts: ${env:AUTOOPS_ES_URL} + period: 10s + metricsets: + - cat_shards + - cluster_health + - cluster_settings + - license + - node_stats + - tasks_management + # --- ADD THIS LINE --- + ssl.certificate_authorities: + - ${env:AUTOOPS_CA_CERT} + # Templates + - module: autoops_es + hosts: ${env:AUTOOPS_ES_URL} + period: 24h + metricsets: + - cat_template + - component_template + - index_template + # --- ADD THIS LINE --- + ssl.certificate_authorities: + - ${env:AUTOOPS_CA_CERT} + ``` :::: ::::{tab-item} Hardcode file path @@ -106,7 +144,7 @@ Complete the following steps: ``` 6. Check the agent logs again to confirm that the error is gone and that {{agent}} has successfully connected your self-managed cluster to AutoOps. - :::{note} + :::{tip} If you encounter the following error in the agent logs, there might be a formatting issue in the `elastic-agent.yml` file. ```sh ... can not convert 'object' into 'string' ... ssl.certificate_authorities ... From a1ddc325fda15714e91265d21aba897cf58ca7ef Mon Sep 17 00:00:00 2001 From: wajihaparvez Date: Fri, 28 Nov 2025 17:31:08 -0500 Subject: [PATCH 2/2] add spaces --- .../monitor/autoops/autoops-sm-custom-certification.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md b/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md index 70897a621f..4fd52ba9e1 100644 --- a/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md +++ b/deploy-manage/monitor/autoops/autoops-sm-custom-certification.md @@ -51,7 +51,7 @@ Complete the following steps: ``` After adding this line to both modules, make sure the` AUTOOPS_CA_CERT` environment variable is set on the host machine and contains the full path to your certificate file (for example: `/etc/ssl/certs/my_internal_ca.crt`). - The following codeblock shows what your final configuration should look like when you use the environment variable method. + The following code block shows what your final configuration should look like when you use the environment variable method. ```yaml receivers: @@ -97,7 +97,7 @@ Complete the following steps: ssl.certificate_authorities: - "/path/to/your/ca.crt" ``` - The following codeblock shows what your final configuration should look like when you use the hardcode method. + The following code block shows what your final configuration should look like when you use the hardcode method. ```yaml receivers: