  • Sujit Jagdev
    2 years ago
    Need some noobie help.
    I0412 14:08:38.742949 11449 tls.cpp:253] TLS/HTTPS POST request to URI: https://localhost:8080/api/v1/osquery/enroll
    W0412 14:08:38.750748 11449 tls_enroll.cpp:76] Failed enrollment request to https://localhost:8080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
    Any advice?
  • SK
    2 years ago
    You will need to put the whole cert chain in the cert file for the OSQuery agent.
  • xiaoliuzi
    2 years ago
    I am a newbie. How do I put the whole cert chain in the cert file for the OSQuery agent?
  • SK
    2 years ago
    @xiaoliuzi Did you fix it already? Just saw your message.
  • xiaoliuzi
    2 years ago
    No no no, I did not fix it. What method do you have?
  • SK
    2 years ago
    You will need to put the whole cert chain in the cert file for the osquery agent to work
  • xiaoliuzi
    2 years ago
    The server.pem and enroll_secret?
    I use this.
    sudo osqueryd \
      --enroll_secret_path=/var/osquery/enroll_secret \
      --tls_server_certs=/var/osquery/server.pem \
      --tls_hostname=192.168.10.101:8080 \
      --host_identifier=192.168.10.103 \
      --enroll_tls_endpoint=/api/v1/osquery/enroll \
      --config_plugin=tls \
      --config_tls_endpoint=/api/v1/osquery/config \
      --config_refresh=10 \
      --disable_distributed=false \
      --distributed_plugin=tls \
      --distributed_interval=10 \
      --distributed_tls_max_attempts=3 \
      --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read \
      --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write \
      --logger_plugin=tls \
      --logger_tls_endpoint=/api/v1/osquery/log \
      --logger_tls_period=10
  • SK
    2 years ago
    In the pem you will also need to add the root CA.
  • xiaoliuzi
    2 years ago
    Should I copy the root CA to the pem?
  • SK
    2 years ago
    Yes, and all intermediates for the kolide server; the osquery agent needs the whole chain to be able to authenticate.
  • xiaoliuzi
    2 years ago
    The kolide server and osquery are on the same LAN. Are there any intermediate products?
  • SK
    2 years ago
    With intermediate I mean possible intermediate CAs in your cert chain, so root CA and all intermediate CAs and then the kolide cert.
  • xiaoliuzi
    2 years ago
    E0416 23:11:19.486438 6129 init.cpp:509] Cannot activate tls logger plugin: No node key, TLS logging disabled.
    Why is this?
  • SK
    2 years ago
    --host_identifier should be the value 'uuid' or 'hostname', not an IP address, or remove the whole line and it will default to hostname; maybe this helps your issue.
    And probably --tls_hostname should be the system name used to create the cert.
  • xiaoliuzi
    2 years ago
    Thanks, I have fixed this problem.
  • Shantanu
    1 year ago
    I am facing a similar problem. Where can I find the root CA?
  • SK
    1 year ago
    Hey @Shantanu, the root CA should be available when you navigate to the Kolide webpage.
  • Shantanu
    1 year ago
    Do you mean the kolide server webpage or the kolide website?
  • SK
    1 year ago
    Your kolide server webpage; you should be able to download the cert chain from there.
  • Shantanu
    1 year ago
    Is it the same in the case of self-signed certs? I am able to add Ubuntu hosts to fleet using the pem file I get from the kolide server when I click on add new hosts. This error pops up only while adding a Windows host using the same pem file.
  • SK
    1 year ago
    @Shantanu not sure about that. If it works for Ubuntu it should work for Windows I guess. Check in the #windows channel if anyone else has experienced this.