I just tried to launch the latest OSQuery in box a...
# fleet
j
I just tried to launch the latest OSQuery in box and it never generated fleet.crt / fleet.key, and I can't seem to get OSQuery to accept a self-signed cert on fleet (this is for testing), any ideas?
z
Those cert files are in the osquery directory. Does that help?
j
Right, I generated them
But for the moment, they are just self-signed
Can I get osquery to allow with self-signed?
z
Yes, use the --tls_server_certs flag with osquery.
j
z
Probably need a sudo there, or else configure a different path for the pidfile
j
I was calling out the cert verify failed error to be specific
z
That was before or after using --tls_server_certs flag?
j
after
I used the Fleet UI instructions for adding a client
so I used the flagfile, server pem, and secret files it has you download then try to run it
z
Can you paste the flagfile it gave you please?
s
@Justin Bowen this could be an FQDN problem. How did you create your certificate? Some name and now using IP as hostname? Could be the issue.
j
ahh that would make sense
yes I used the ip address
z
Yeah that is likely the issue
If you generate a cert with matching IP SANs it will work.
j
Copy, I'll work on that
z
Or for a quick test you can always make an /etc/hosts entry
j
That's the plan, thanks!