Channels
  • a

    Ahmed Awadelkarim

    1 year ago
    Hi! Anyone here have experience with why a remote tls enrollment, would return to me an empty
    node_key
    ? If I run
    osqueryd
    verbose
    with the
    tls_dump
    flag, and re-run the command thats returned to me as failing, from the command line it works fine and I get a value for the
    node_key
    I'd expect to see but in the daemon it all comes back empty: Daemon:
    {"node_key":""}
    CLI:
    {"node_key": "abc123"}
    Again the command I am running from the cli is what is returned to me from
    osqueryd tls_dump
    . I'm assuming this is likely a problem with the remote API but just want to confirm what the discrepancy may be btw the daemon and cli.
  • zwass

    zwass

    1 year ago
    My guess is your TLS server isn't getting the correct enroll secret. Perhaps due to the way you are passing configs in osqueryi vs. osqueryd?
  • a

    Ahmed Awadelkarim

    1 year ago
    Possibly, looking at the
    osquery_flags
    being passed to the daemon at runtime it *should* be correct, and the
    tls_dump
    seems to capture the correct
    enroll_secret
    in the command that I then copy off and run manually, however bizarrely on my mac when I run
    osqueryi
    the flags do not seem to be correct