Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
j
joe_antony1
05/01/2020, 6:48 AMmy osquery agent from linux is working fine with kolide however when trying to integrate with Windows osquery with kolide then getting the following err
http: TLS handshake error from 10.10.10.1:66566 local error: tls: bad record MAC
can someone help please
z
zwass
05/01/2020, 4:08 PMIs
10.10.10.1:66566j
joe_antony1
05/01/2020, 5:52 PM10.10.10.1 is the windows server where the osquery agent is installed.
kolide is running on 10.10.10.127:8080
z
zwass
05/01/2020, 5:57 PMIt looks like osquery is trying to connect to 10.10.10.1
s
Shantanu
07/03/2020, 11:07 PMDid you figure this out? I am getting the same error
d
Daniel Wyleczuk-Stern
10/12/2020, 4:14 PMHave there been any answers to this? I've searched the fleet github as well as this Slack channel and it doesn't seem like there's an answer
Ayyyy I got it. This is probably happening for other people with test deployments. Don't blindly accept the defaults when generating a CSR with openssl. In my below example, I set the FQDN to my internal IP and it started working.
root@ip-172-29-81-203:~# !18
openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out example.crt -keyout example.key
Generating a RSA private key
............................................................................................................++++
..................++++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:SF
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:172.24.17.4z
zwass
10/12/2020, 4:43 PMYes, the FQDN must match. Usually I would expect to see a "certificate verify failed" error, but it's good to know that this error message can also come up.
d
Daniel Wyleczuk-Stern
10/12/2020, 4:59 PM👍 I pinged you on github too on a closed issue with my recommendation for what to add to the readme
z
zwass
10/12/2020, 6:37 PMWant to PR it? Otherwise I am happy to add it myself. Thank you.
d
Daniel Wyleczuk-Stern
10/13/2020, 1:21 PMPR submitted