I'm trying to deploy a new fleet environment and I'm having trouble with the certificate. When I log in to my web site it says "secured", and when I try to connect to the fleet with an osquery agent, I get the error "certificate verify failed". The agent flag tls_server_certs is set to the .crt file that fleet is using()
can you help me with this one please?
08/24/2022, 1:48 PM
hey @jimmy, are you using orbit?
08/24/2022, 2:06 PM
08/24/2022, 2:50 PM
is the fleet.crt self-signed? osquery might require the full cert chain iirc
how did you generate the fleet.crt?
08/24/2022, 3:11 PM
I work in a cyber company that has a private crt generator
I made 2 files for fleet, a .crt file and a .key file, and to the osquery flag tls_server_certs I gave only the .crt file
and yes it's self-signed
08/24/2022, 4:24 PM
I think that would require either trusting the self signed cert on the host, or supplying the full tls cert chain
08/24/2022, 8:13 PM
what do you mean by "I think that would require either trusting the self signed cert on the host,"
and what is the full tls cert chain?
I will describe what I did step by step:
1. I deployed a fleet pod webserver
2. I created a self-signed certificate, a crt and key.
3. I created an ingress to enable tls termination to the pod with the self-signed certificate.
4. when I enter the node where I terminate tls, it said that the connection is secured, and that the certificate is ok
5. then I tried to connect my osquery agent with the .crt file that I created at step 2, and when I run osqueryd --verbose I get the error "certificate verify failed: