#general

Sujit Jagdev

04/12/2020, 3:32 PM
Need some noobie help. I0412 140838.742949 11449 tls.cpp:253] TLS/HTTPS POST request to URI: https://localhost:8080/api/v1/osquery/enroll W0412 140838.750748 11449 tls_enroll.cpp:76] Failed enrollment request to https://localhost:8080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... Any advice?

SK

04/12/2020, 4:22 PM
You will need to put the whole cert chain in the cert file for the OSQuery agent.

xiaoliuzi

04/16/2020, 8:03 AM
I am a newbie; how do I put the whole cert chain in the cert file for the OSQuery agent?

SK

04/16/2020, 1:58 PM
@xiaoliuzi Did you fix it already? Just saw your message.

xiaoliuzi

04/16/2020, 2:02 PM
No no no, I have not fixed it. What method do you have?

SK

04/16/2020, 2:07 PM
You will need to put the whole cert chain in the cert file for the osquery agent to work.

xiaoliuzi

04/16/2020, 2:20 PM
The server.pem and enroll_secret?
I use this.
sudo osqueryd \
  --enroll_secret_path=/var/osquery/enroll_secret \
  --tls_server_certs=/var/osquery/server.pem \
  --tls_hostname=192.168.10.101:8080 \
  --host_identifier=192.168.10.103 \
  --enroll_tls_endpoint=/api/v1/osquery/enroll \
  --config_plugin=tls \
  --config_tls_endpoint=/api/v1/osquery/config \
  --config_refresh=10 \
  --disable_distributed=false \
  --distributed_plugin=tls \
  --distributed_interval=10 \
  --distributed_tls_max_attempts=3 \
  --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read \
  --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write \
  --logger_plugin=tls \
  --logger_tls_endpoint=/api/v1/osquery/log \
  --logger_tls_period=10

SK

04/16/2020, 2:25 PM
In the pem you will also need to add the root CA.

xiaoliuzi

04/16/2020, 2:32 PM
Should I copy the root CA into the pem?

SK

04/16/2020, 3:04 PM
Yes, and all intermediates for the kolide server; the osquery agent needs the whole chain to be able to authenticate.

xiaoliuzi

04/16/2020, 3:10 PM
The kolide server and osquery are on the same LAN. Are there any intermediate products?

SK

04/16/2020, 3:12 PM
With intermediate I mean possible intermediate CAs in your cert chain, so the root CA and all intermediate CAs and then the kolide cert.

xiaoliuzi

04/16/2020, 3:13 PM
E0416 23:11:19.486438 6129 init.cpp:509] Cannot activate tls logger plugin: No node key, TLS logging disabled. Why is this?

SK

04/16/2020, 4:26 PM
--host_identifier should be the value 'uuid' or 'hostname', not an IP address, or remove the whole line and it will default to hostname; maybe this helps your issue.
And probably --tls_hostname should be the system name used to create the cert.

xiaoliuzi

04/17/2020, 8:19 AM
Thanks, I have fixed this problem.

Shantanu

07/03/2020, 10:23 PM
I am facing a similar problem. Where can I find the root ca?

SK

07/05/2020, 3:17 PM
Hey @Shantanu, the root CA should be available when you navigate to the Kolide webpage.

Shantanu

07/05/2020, 8:13 PM
Do you mean the kolide server webpage or the kolide website?

SK

07/06/2020, 8:42 AM
Your kolide server webpage, you should be able to download the cert chain from there.

Shantanu

07/06/2020, 5:24 PM
Is it the same in the case of self-signed certs? I am able to add Ubuntu hosts to fleet using the pem file I get from the kolide server when I click on add new hosts. This error pops up only while adding a Windows host using the same pem file.

SK

07/06/2020, 5:59 PM
@Shantanu not sure about that. If it works for Ubuntu it should work for Windows I guess. Check in the #windows channel if anyone else has experienced this.

Shantanu

07/06/2020, 6:40 PM
@SK I found a few posts with the same problem but no solution to those. I have posted my issue on #kolide as well: https://osquery.slack.com/archives/C1XCLA5DZ/p1593818071187900