I just tried to launch the latest OSQuery in box a...
# fleetj
Justin Bowen
03/12/2021, 7:04 PMI just tried to launch the latest OSQuery in box and it never generated fleet.crt / fleet.key , and I can't seem to get OSQuery to accept a self signed cert on fleet (this is for testing) , any ideas?
z
zwass
03/12/2021, 7:05 PM
Those cert files are in the
osqueryj
Justin Bowen
03/12/2021, 7:06 PMRight, I generated them
Justin Bowen
03/12/2021, 7:06 PMBut for the moment, they are just self signed
Justin Bowen
03/12/2021, 7:06 PMCan I get osquery to allow with self signed?
z
zwass
03/12/2021, 7:07 PM
Yes, use the
--tls_server_certsj
Justin Bowen
03/12/2021, 7:11 PMz
zwass
03/12/2021, 7:14 PM
Probably need a
sudoj
Justin Bowen
03/12/2021, 7:20 PMI was calling out the cert verify failed error to be specific
z
zwass
03/12/2021, 7:34 PM
That was before or after using
--tls_server_certsj
Justin Bowen
03/12/2021, 9:40 PMafter
Justin Bowen
03/12/2021, 9:41 PMI used the Fleet UI instructions for adding a client
Justin Bowen
03/12/2021, 9:42 PMso i used the flagfile , server pem, and secret files it has you download then try to run it
z
zwass
03/12/2021, 10:59 PM
Can you paste the flagfile it gave you please?
s
spookerlabs
03/12/2021, 11:25 PM@Justin Bowen this could be FQDN problem. How did you create your certificate ? Some name and now using IP as hostname ? Could be the issue.
j
Justin Bowen
03/12/2021, 11:36 PMahh that would make sense
Justin Bowen
03/12/2021, 11:36 PMyes I used the ip address
z
zwass
03/12/2021, 11:37 PM
Yeah that is likely the issue
zwass
03/12/2021, 11:37 PM
If you generate a cert with matching IP SANs it will work.
j
Justin Bowen
03/12/2021, 11:37 PMCopy, ill work on that
z
zwass
03/12/2021, 11:42 PM
Or for a quick test you can always make an
/etc/hostsj
Justin Bowen
03/12/2021, 11:52 PMThat's the plan, thanks!
2 Views