[Observability Onboarding] ES unsigned certificates don't work properly #199751

Open

Description

When setting up Elasticsearch on-prem, by default it's using HTTPS with an unsigned certificate. This means that to connect to Elasticsearch, the user either needs to change the certificate to a signed one they created themselves, configure the shippers to accept unsigned certificates, or manually switch to HTTP.

When using the host or k8s flows with EA or OTel, no flow is currently handling this automatically:

  • Host EA flow is failing to send data; the user needs to manually figure out how to configure the output to ignore certificate problems
  • Host OTel flow is failing to send data; the user needs to manually figure out how to configure the output to ignore certificate problems
  • Kubernetes EA flow has an ssl.ca_trusted_fingerprint placeholder in its config, but the user needs to find it in the YAML generated by kustomize (and know what to set there)
  • Kubernetes OTel has a commented-out tls.insecure_skip_verify in the values.yml file

The onboarding flow in the integrations plugin is prepopulating the ssl.ca_trusted_fingerprint setting for both EA flows - we should probably do the same for our flows.

For OTel, I'm not sure whether something needs to be done or not - but we should at least describe in the documentation how to get around the problem.
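An added example, not part of the issue or of Kibana's code: the value for ssl.ca_trusted_fingerprint is the hex-encoded SHA-256 of the CA certificate's DER bytes, so it can be derived from the CA's PEM file and pinned instead of ignoring certificate problems. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed placeholder, not a real certificate.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def ca_fingerprints(pem_bundle: str) -> list[str]:
    """Return the SHA-256 of each certificate's DER bytes as uppercase hex."""
    blocks = PEM_BLOCK.findall(pem_bundle)
    if not blocks:
        raise ValueError("no PEM certificate found in input")
    return [
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest().upper()
        for block in blocks
    ]


def normalize_fingerprint(value: str) -> str:
    """Turn openssl-style 'aa:bb:...' output into plain 64-character hex."""
    cleaned = re.sub(r"[:\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def fingerprint_matches(configured: str, pem_bundle: str) -> bool:
    """Check a configured fingerprint against the certificates in a CA file."""
    return normalize_fingerprint(configured) in ca_fingerprints(pem_bundle)


# Constructed placeholder bytes standing in for a CA certificate's DER form.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    for fp in ca_fingerprints(SAMPLE_PEM):
        print(f'ssl.ca_trusted_fingerprint: "{fp}"')
```

In practice the input would be the CA file of the Elasticsearch deployment, read with `open(path).read()`.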
