n0b00de
12/14/2021, 10:23 PM
--fleet-certificate flag the issue I'm facing is that once I attempt to install the package on an endpoint it fails with either of the two errors below (rpm/msi). If I generate the packages with the --insecure flag I am able to install the packages on my endpoints successfully. Any suggestions on a direction to troubleshoot this situation?
Lucas Rodriguez
12/14/2021, 10:39 PM
fleetctl command used to generate the installers, also please provide the output of fleetctl --version.
n0b00de
12/14/2021, 10:57 PM
./fleetctl package --type msi --fleet-url=https://PRIVATE_IP:8080 --enroll-secret=SECRET --fleet-certificate /root/f1eet.pem --debug
Lucas Rodriguez
12/14/2021, 11:05 PM
orbit)
n0b00de
12/14/2021, 11:06 PM
Lucas Rodriguez
12/14/2021, 11:07 PM
n0b00de
12/14/2021, 11:08 PM
Lucas Rodriguez
12/14/2021, 11:08 PM
fleetctl v4.7.0 (released today).
zwass
n0b00de
12/14/2021, 11:13 PM
zwass
fleetctl debug connection could help
n0b00de
12/14/2021, 11:22 PM
Lucas Rodriguez
12/14/2021, 11:34 PM
nc/netcat)?
n0b00de
12/14/2021, 11:36 PM
Lucas Rodriguez
12/14/2021, 11:39 PM
--insecure works, it's most likely a cert issue.
n0b00de
12/14/2021, 11:55 PM
Lucas Rodriguez
12/15/2021, 12:19 AM
fleet.pem and execute the same openssl successfully.
fleet.pem with a text editor and see if it looks good or there are any new line issues in it.)
$ fleetctl get config --include-server-config
[...]
server_settings:
[...]
server_url: https://...
[...]
n0b00de
12/15/2021, 12:32 AM
undefined
Lucas Rodriguez
12/15/2021, 12:51 AM
cat fleet.pem
undefined
then please confirm if such file with that content was provided by fleet's download pem option.
zwass
undefined is the actual contents of the file it's definitely not going to work. There may be some issue with the UI retrieving your server cert. You can just use the cert pem (NOT the private key!) that you provide to the server.
n0b00de
12/15/2021, 1:28 AM
undefined
I have confirmed downloading the file from the UI again still says
Lucas Rodriguez
12/15/2021, 12:23 PM
You can just use the cert pem (NOT the private key!) that you provide to the server.
Hi Let us know if this works.
n0b00de
12/15/2021, 3:44 PM
/etc/pki/tls/cert.pem and the pem that I downloaded from the UI still reads undefined
Lucas Rodriguez
12/15/2021, 3:52 PM
You can just use the cert pem (NOT the private key!) that you provide to the server.
By this I think Zach means using the PEM you provide to fleet serve in --server_cert or FLEET_SERVER_CERT.
n0b00de
12/15/2021, 5:34 PM
FLEET_SERVER_CERT but the endpoint is not showing up in the fleet UI but it shows as running
Lucas Rodriguez
12/15/2021, 8:35 PM