#fleet

jimmy

08/24/2022, 1:02 PM
I'm trying to deploy a new fleet environment and I'm having trouble with the certificate. When I log in to my web site it says "secured", and when I try to connect to fleet with an osquery agent, I get the error "certificate verify failed". The agent flag tls_server_certs is set to the .crt file that fleet is using. Can you help me with this one please?

sharvil

08/24/2022, 1:48 PM
hey @jimmy, are you using orbit?

jimmy

08/24/2022, 2:06 PM
no

sharvil

08/24/2022, 2:50 PM
is the fleet.crt self-signed? osquery might require the full cert chain iirc
2:51 PM
how did you generate the fleet.crt?

jimmy

08/24/2022, 3:11 PM
I work in a cyber company that has a private crt generator
3:12 PM
I made 2 files for fleet, a .crt file and a .key file, and to the osquery flag tls_server_certs I gave only the .crt file
3:20 PM
and yes it's self-signed

sharvil

08/24/2022, 4:24 PM
I think that would require either trusting the self signed cert on the host, or supplying the full tls cert chain

jimmy

08/24/2022, 8:13 PM
what do you mean by "I think that would require either trusting the self signed cert on the host,"
8:14 PM
and what is the full tls cert chain?
12:14 PM
I will describe what I did step by step:
1. I deployed a fleet pod webserver.
2. I created a self-signed certificate, a crt and key.
3. I created an ingress to enable tls termination to the pod with the self-signed certificate.
4. When I go to the node where I terminate tls, it says that the connection is secured and that the certificate is ok.
5. Then I tried to connect my osquery agent with the .crt file that I created at step 2, and when I run osqueryd --verbose I get the error "certificate verify failed: