• j

    joe_antony1

    2 years ago
    my osquery agent from linux is working fine with kolide however when trying to integrate with Windows osquery with kolide then getting the following err http: TLS handshake error from 10.10.10.1:66566 local error: tls: bad record MAC can someone help please
  • zwass

    zwass

    2 years ago
    Is
    10.10.10.1:66566
    the expected server address?
  • j

    joe_antony1

    2 years ago
    10.10.10.1 is the windows server where the osquery agent is installed.
  • kolide is running on 10.10.10.127:8080
  • zwass

    zwass

    2 years ago
    It looks like osquery is trying to connect to 10.10.10.1
  • s

    Shantanu

    2 years ago
    Did you figure this out? I am getting the same error
  • d

    Daniel Wyleczuk-Stern

    1 year ago
    Have there been any answers to this? I've searched the fleet github as well as this Slack channel and it doesn't seem like there's an answer
  • Ayyyy I got it. This is probably happening for other people with test deployments. Don't blindly accept the defaults when generating a CSR with openssl. In my below example, I set the FQDN to my internal IP and it started working.
    root@ip-172-29-81-203:~# !18
    openssl req -newkey rsa:4096             -x509             -sha256             -days 3650             -nodes             -out example.crt             -keyout example.key
    Generating a RSA private key
    ............................................................................................................++++
    ..................++++
    writing new private key to 'example.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:CA
    Locality Name (eg, city) []:SF
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:172.24.17.4
  • zwass

    zwass

    1 year ago
    Yes, the FQDN must match. Usually I would expect to see a "certificate verify failed" error, but it's good to know that this error message can also come up.
  • d

    Daniel Wyleczuk-Stern

    1 year ago
    👍 I pinged you on github too on a closed issue with my recommendation for what to add to the readme
  • zwass

    zwass

    1 year ago
    Want to PR it? Otherwise I am happy to add it myself. Thank you.
  • d

    Daniel Wyleczuk-Stern

    1 year ago
    PR submitted