when I'm trying to connect osquery agent to fleet I get that error msg:
"W0803 08:45:50.922413 77924 tls_enroll.cpp:101] Failed enrollment request to https://localhost:8080/api/osquery/enroll (Request error: certificate verify failed) retrying..."
it happens after i run that command:
sudo /usr/bin/osqueryd --enroll_secret_path=/var/osquery/enroll_secret --tls_server_certs=/var/osquery/fleet.pem --tls_hostname=localhost:8080 --host_identifier=instance --enroll_tls_endpoint=/api/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/osquery/config --config_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/osquery/distributed/read --distributed_tls_write_endpoint=/api/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/osquery/log --logger_tls_period=10its fleet 3.5.1 if it matters.
08/04/2022, 7:42 PM
Hi, @peanut butter! Are you still having trouble getting your host enrolled?
08/05/2022, 3:36 PM
08/05/2022, 4:01 PM
Are you seeing anything in the fleet server logs when attempting to enroll?
im getting that log from the the fleet service:
"http: TLS handshake error from 127.0.0.1:33022: local error: tls: bad record MAC"
08/05/2022, 6:21 PM
Okay. The request is at least making it that far! Sounds like there's an issue with the certificate. Did you generate that yourself for localhost?
08/06/2022, 10:48 AM
im doing this by your example:openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /tmp/server.key -out /tmp/server.cert -subj "/CN=192.168.52.128” \
-addext "subjectAltName=DNS:192.168.52.128”and the other certificate I downlowd form the my fleet webserver.
08/08/2022, 2:06 PM
Ah! Try listing the IP as listed for the CN as the hostname.
08/09/2022, 5:41 PM
what do you mean?
08/09/2022, 5:43 PM
The certificate is being issued using an IP address of ‘192.168.52.128’ as the CN (Common Name). Assuming that is the public IP of your Fleet server, that's what you'd need to use as the hostname passed to osquery
Or create a new certificate with ‘localhost’ as the CN if you're just testing locally.