when I'm trying to connect osquery agent to fleet ...
# fleet
p
When I'm trying to connect the osquery agent to Fleet I get this error message: "W0803 08:45:50.922413 77924 tls_enroll.cpp:101] Failed enrollment request to https://localhost:8080/api/osquery/enroll (Request error: certificate verify failed) retrying..." It happens after I run this command: sudo /usr/bin/osqueryd --enroll_secret_path=/var/osquery/enroll_secret --tls_server_certs=/var/osquery/fleet.pem --tls_hostname=localhost:8080 --host_identifier=instance --enroll_tls_endpoint=/api/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/osquery/config --config_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/osquery/distributed/read --distributed_tls_write_endpoint=/api/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/osquery/log --logger_tls_period=10 It's Fleet 3.5.1 if it matters.
k
Hi, @peanut butter! Are you still having trouble getting your host enrolled?
p
Yes.
k
Are you seeing anything in the fleet server logs when attempting to enroll?
Here's some info on common certificate issues that may be helpful as well: https://fleetdm.com/docs/deploying/faq#how-do-i-fix-certificate-verify-failed-errors-from-osqueryd
p
I'm getting this log from the Fleet service: "http: TLS handshake error from 127.0.0.1:33022: local error: tls: bad record MAC"
k
Okay. The request is at least making it that far! Sounds like there's an issue with the certificate. Did you generate that yourself for localhost?
p
I'm doing this following your example: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /tmp/server.key -out /tmp/server.cert -subj "/CN=192.168.52.128" -addext "subjectAltName=DNS:192.168.52.128" and the other certificate I downloaded from my Fleet web server.
k
Ah! Try listing the IP as listed for the CN as the hostname.
p
what do you mean?
k
The certificate is being issued using an IP address of ‘192.168.52.128’ as the CN (Common Name). Assuming that is the public IP of your Fleet server, that's what you'd need to use as the hostname passed to osquery.
Or create a new certificate with ‘localhost’ as the CN if you're just testing locally.