https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
p

peanut butter

08/03/2022, 3:48 PM
when I'm trying to connect osquery agent to fleet I get that error msg: "W0803 084550.922413 77924 tls_enroll.cpp:101] Failed enrollment request to https://localhost:8080/api/osquery/enroll (Request error: certificate verify failed) retrying..." it happens after i run that command: sudo /usr/bin/osqueryd --enroll_secret_path=/var/osquery/enroll_secret --tls_server_certs=/var/osquery/fleet.pem --tls_hostname=localhost:8080 --host_identifier=instance --enroll_tls_endpoint=/api/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/osquery/config --config_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/osquery/distributed/read --distributed_tls_write_endpoint=/api/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/osquery/log --logger_tls_period=10 its fleet 3.5.1 if it matters.
k

Kathy Satterlee

08/04/2022, 7:42 PM
Hi, @peanut butter! Are you still having trouble getting your host enrolled?
p

peanut butter

08/05/2022, 3:36 PM
yes
k

Kathy Satterlee

08/05/2022, 4:01 PM
Are you seeing anything in the fleet server logs when attempting to enroll?
Here's some info on common certificate issues that may be helpful as well: https://fleetdm.com/docs/deploying/faq#how-do-i-fix-certificate-verify-failed-errors-from-osqueryd
p

peanut butter

08/05/2022, 6:09 PM
im getting that log from the the fleet service: "http: TLS handshake error from 127.0.0.133022 local error: tls: bad record MAC"
k

Kathy Satterlee

08/05/2022, 6:21 PM
Okay. The request is at least making it that far! Sounds like there's an issue with the certificate. Did you generate that yourself for localhost?
p

peanut butter

08/06/2022, 10:48 AM
im doing this by your example: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /tmp/server.key -out /tmp/server.cert -subj "/CN=192.168.52.128” \ -addext "subjectAltName=DNS:192.168.52.128” and the other certificate I downlowd form the my fleet webserver.
k

Kathy Satterlee

08/08/2022, 2:06 PM
Ah! Try listing the IP as listed for the CN as the hostname.
p

peanut butter

08/09/2022, 5:41 PM
what do you mean?
k

Kathy Satterlee

08/09/2022, 5:43 PM
The certificate is being issued using an IP address of ‘192.168.52.128’ as the CN (Common Name). Assuming that is the public IP of your Fleet server, that's what you'd need to use as the hostname passed to osquery
Or create a new certificate with ‘localhost’ as the CN if you're just testing locally.
p

peanut butter

08/10/2022, 8:12 PM
11 Views
Powered by