Sebastiaan
05/24/2023, 3:15 PM
fleetctl package --type=pkg --fleet-url=https://URLHERE --enroll-secret=SECRETHERE --fleet-certificate=tls.pem --identifier="com.identifier.here"
• Install the resulting package on a macbook
• Enable the verbose flag, manually, in the osquery.flags file on that macbook
Lucas Rodriguez
05/24/2023, 3:15 PM
/var/log/orbit/orbit.stderr.log in the macbook
Lucas Rodriguez
05/24/2023, 3:16 PM
Sebastiaan
05/24/2023, 3:21 PM
Sebastiaan
05/24/2023, 3:21 PM
Lucas Rodriguez
05/24/2023, 3:22 PM
--insecure and removing the --fleet-certificate flag when running the fleetctl package command and re-install.
Sebastiaan
05/24/2023, 3:23 PM
Lucas Rodriguez
05/24/2023, 3:25 PM
curl using such tls.pem and connecting to Fleet to troubleshoot any certificate issues.
Lucas Rodriguez
05/24/2023, 3:25 PM
this is because the hostname of the server is not in the common name field of the certificate? we use a wildcard certificate for this setup
Sounds like it.
Sebastiaan
05/24/2023, 3:32 PM
Sebastiaan
05/24/2023, 3:32 PM
Sebastiaan
05/24/2023, 3:32 PM
Sebastiaan
05/24/2023, 3:33 PM
Lucas Rodriguez
05/24/2023, 3:33 PM
Sebastiaan
05/24/2023, 3:34 PM
2023-05-24T17:33:15+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"
2023-05-24T17:33:15+02:00 INF token rotation is enabled
2023-05-24T17:33:16+02:00 INF using insecure TLS proxy addr=localhost:59598 target=https://fleet.security.pleo.io
Sebastiaan
05/24/2023, 3:34 PM
Sebastiaan
05/24/2023, 3:34 PM
I0524 17:33:47.612071 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: https://localhost:59598/api/v1/osquery/distributed/read
I0524 17:33:47.860929 1885122560 distributed.cpp:173] Executing distributed query: fleet_distributed_query_6: SELECT * FROM osquery_info;
I0524 17:33:47.862823 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: https://localhost:59598/api/v1/osquery/distributed/write
Lucas Rodriguez
05/24/2023, 3:34 PM
Sebastiaan
05/24/2023, 3:34 PM
Sebastiaan
05/24/2023, 3:34 PM
Lucas Rodriguez
05/24/2023, 3:34 PM
2023-05-24T17:33:15+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"
This might be an expected log, but things should work now.
Sebastiaan
05/24/2023, 3:35 PM