Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
o
Oleg Koreev
07/15/2022, 1:51 PMHi all! I'm trying to configure mTLS (FleetDM), but I can't find anything about it in the documentation and the client generated by the packer doesn't support keys for client authentication. Is it possible?
If i understand correctly, I need use native client?
l
Lucas Rodriguez
07/15/2022, 4:07 PMHi Oleg!
What do you mean by packer? Maybe you mean Orbit?
If so, Orbit currently does not support setting client certificates for osquery to use yet (shouldn't be hard to add such support in the near future).
Fleet doesn't support mTLS by itself, but users have basically implemented mTLS by running Fleet behind a TLS terminator that does support it (e.g. nginx).
👀 1
o
Oleg Koreev
07/18/2022, 7:09 AMYes, that's exactly the scenario I was considering. And as it turned out, while it is poorly implemented. Since now many people work remotely, certificate delivery requires SCEP, it is also impossible to use MDM certificates because they are in the certificate store, and the client does not support working with the certificate store.
l
Lucas Rodriguez
07/18/2022, 12:30 PMHi @Oleg Koreev! Ah I see.
because they are in the certificate storeWhat do you mean by "the certificate store" here?
👀 1
a
Ando
03/17/2023, 7:15 AMRelevant: adding support for mTLS flags to the packer (
fleetctl packageReleased. But... not for community edition :face_holding_back_tears:
https://github.com/fleetdm/fleet/pull/11319