tls
  • zwass

    zwass

    11/06/2018, 8:30 PM
    ^ typo
  • clippy

    clippy

    11/08/2018, 9:01 PM
    @ryan try asking in #kolide. They should be able to help with kolide specific stuff
  • w

    WinMordekaiser

    10/22/2020, 3:21 AM
    Hi all, is there any way to update client's tls cert( 90000+) quickly? My server is kolide.
  • c

    cdown512

    02/25/2021, 6:04 PM
    Does anyone know offhand when using osquery in tls refresh mode for the config profile, if there is a valid profile downloaded and a schedule of queries handed off to the scheduler, then comms to the tls config endpoint serving the profile are interupted for subsequent refreshes, does the Scheduler continue running the last successfully refreshed schedule of queries?
  • CptOfEvilMinions

    CptOfEvilMinions

    08/23/2021, 10:58 PM
    EDIT: Answered my own question but leaving this here for others. Answer: https://osquery.slack.com/archives/C235GUPH8/p1524761280000300 If your Osquery TLS server serves a TLS certificate signed by a trusted authority like Digicert do you still need to place the pub cert on endpoints and use the
    --tls_server_certs=
    flag?
  • clong

    clong

    11/09/2021, 7:27 PM
    is there any way to force a refresh of the node key?
  • CptOfEvilMinions

    CptOfEvilMinions

    11/30/2021, 8:10 PM
    Can you specify
    --tls_server_certs=...
    more than once in a flags config? Like:
    --tls_hostname=<http://example.com|example.com>
    --tls_server_certs=blah1
    --tls_server_certs=blah2
  • o

    Oleg Koreev

    07/15/2022, 1:11 PM
    Hi all! I'm trying to configure mTLS (FleetDM), but I can't find anything about it in the documentation and the client generated by the packer doesn't support keys for client authentication. Is it possible?
  • j

    JL

    08/11/2022, 7:43 PM
    hello all. I’m stucking in a problem. My server has wildcard certificate *.test.company.com and the FQDN is final.test.company.com when a try to make a enroll the osquery return
    Failed enrollment request to <https://final.test.company.com/api/osquery/enroll> (No node key returned from TLS enroll plugin) retrying...
  • j

    JL

    08/11/2022, 7:46 PM
    When a make curl on /api/osquery/enroll and send the body everything works fine. is possible use osquery with wildcard certificates?
  • a

    Andre Pinter

    09/27/2022, 8:49 PM
    Hey folks, I'm writing a carve endpoint for our osquery server, but I'm confused on the format I should be returning errors to the client in. Any pointers here? I've been reading through the docs trying to find the answer too