I just tried to launch the latest OSQuery in box and it neve

Question

I just tried to launch the latest OSQuery in box and it never generated fleet crt fleet key and I can t seem to get OSQuery to accept a self signed cert on fleet this is for testing any ideas

zwass · Answer

Those cert files are in the `osquery` directory Does that help

Justin Bowen · Answer

Right I generated them

Justin Bowen · Answer

But for the moment they are just self signed

Justin Bowen · Answer

Can I get osquery to allow with self signed

zwass · Answer

Yes use the ` tls server certs` flag with osquery

zwass · Answer

Probably need a `sudo` there or else configure a different path for the pidfile

Justin Bowen · Answer

I was calling out the cert verify failed error to be specific

zwass · Answer

That was before or after using ` tls server certs` flag

Justin Bowen · Answer

after

Justin Bowen · Answer

I used the Fleet UI instructions for adding a client

Justin Bowen · Answer

so i used the flagfile server pem and secret files it has you download then try to run it

zwass · Answer

Can you paste the flagfile it gave you please

spookerlabs · Answer

< Justin Bowen> this could be FQDN problem How did you create your certificate Some name and now using IP as hostname Could be the issue

Justin Bowen · Answer

ahh that would make sense

Justin Bowen · Answer

yes I used the ip address

zwass · Answer

Yeah that is likely the issue

zwass · Answer

If you generate a cert with matching IP SANs it will work

Justin Bowen · Answer

Copy ill work on that

zwass · Answer

Or for a quick test you can always make an ` etc hosts` entry

Justin Bowen · Answer

That s the plan thanks