Sebastiaan
05/24/2023, 3:15 PMfleetctl package --type=pkg --fleet-url=<https://URLHERE> --enroll-secret=SECRETHERE --fleet-certificate=tls.pem --identifier="com.identifier.here"
• Install the resulting package on a macbook
• Enable the verbose flag, manually, in the osquery.flags file on that macbookLucas Rodriguez
05/24/2023, 3:15 PM/var/log/orbit/orbit.stderr.log
in the macbookSebastiaan
05/24/2023, 3:21 PMLucas Rodriguez
05/24/2023, 3:22 PM--insecure
and removing the --fleet-certificate
flag when running the fleetctl package
command and re-install.Sebastiaan
05/24/2023, 3:23 PMLucas Rodriguez
05/24/2023, 3:25 PMcurl
using such tls.pem
and connecting to Fleet to troubleshoot any certificate issues.this is because the hostname of the server is not in the common name field of the certificate? we use a wildcard certificate for this setupSounds like it.
Sebastiaan
05/24/2023, 3:32 PMLucas Rodriguez
05/24/2023, 3:33 PMSebastiaan
05/24/2023, 3:34 PM2023-05-24T17:33:15+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"
2023-05-24T17:33:15+02:00 INF token rotation is enabled
2023-05-24T17:33:16+02:00 INF using insecure TLS proxy addr=localhost:59598 target=<https://fleet.security.pleo.io>
I0524 17:33:47.612071 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:59598/api/v1/osquery/distributed/read>
I0524 17:33:47.860929 1885122560 distributed.cpp:173] Executing distributed query: fleet_distributed_query_6: SELECT * FROM osquery_info;
I0524 17:33:47.862823 1885122560 tls.cpp:263] TLS/HTTPS POST request to URI: <https://localhost:59598/api/v1/osquery/distributed/write>
Lucas Rodriguez
05/24/2023, 3:34 PMSebastiaan
05/24/2023, 3:34 PMLucas Rodriguez
05/24/2023, 3:34 PM2023-05-24T17:33:15+02:00 INF Failed to connect to Fleet server. Osquery connection may fail. error="dial for validate: verify certificate: x509: certificate signed by unknown authority"This might be an expected log, but things should work now.
Sebastiaan
05/24/2023, 3:35 PM