I'm trying to deploy new fleet environment and I'm...
# fleetj
jimmy
08/24/2022, 1:02 PMI'm trying to deploy new fleet environment and I'm having a trouble with the certificate, when I'm logging to my web site it's says: "secured" , and when I'm trying to connect to the fleet with an osquery agent, I am getting the error: "certificate verify failed", the agent flag: tls_server_certs is set to the .crt file that fleet is using()
can you help me with this one please?
s
sharvil
08/24/2022, 1:48 PMhey @jimmy, are you using orbit?
j
jimmy
08/24/2022, 2:06 PMno
s
sharvil
08/24/2022, 2:50 PMis the fleet.crt self-signed, osquery might require the full cert chain iirc
sharvil
08/24/2022, 2:51 PMhow did you generate the fleet.crt?
j
jimmy
08/24/2022, 3:11 PMI work in cyber compony that has private crt generetor
jimmy
08/24/2022, 3:12 PMI made 2 files for fleet .crt file and .key file, and to osquery flag tls_server_certs i gave only the the .crt file
jimmy
08/24/2022, 3:20 PMand yes its self singed
s
sharvil
08/24/2022, 4:24 PMI think that would require either trusting the self signed cert on the host, or supplying the full tls cert chain
j
jimmy
08/24/2022, 8:13 PMwhat do you mean by "I think that would require either trusting the self signed cert on the host,"
jimmy
08/24/2022, 8:14 PMand what is the full tls cert chain?
jimmy
08/25/2022, 12:14 PMI will describe what I did step by step:
1. I deployed a fleet pod webserver
2. I created an self singed certificate, a crt and key.
3. I created an ingress to enable tls termination to the pod with the self singed certificate.
4. when I enter to the node that I terminate tls it said that the connection is secured, and that the certificate is ok
5. then I tried to connect my osquery agent with the .crt file that I created at step 2 and when I run osqueried --verbose i get the error "certificate verify failed:
2 Views