
joe_antony1

05/01/2020, 6:48 AM
My osquery agent on Linux is working fine with Kolide; however, when trying to integrate Windows osquery with Kolide, I am getting the following error: http: TLS handshake error from 10.10.10.1:66566 local error: tls: bad record MAC. Can someone help, please?

zwass

05/01/2020, 4:08 PM
Is 10.10.10.1:66566 the expected server address?

joe_antony1

05/01/2020, 5:52 PM
10.10.10.1 is the Windows server where the osquery agent is installed.
Kolide is running on 10.10.10.127:8080.

zwass

05/01/2020, 5:57 PM
It looks like osquery is trying to connect to 10.10.10.1.

Shantanu

07/03/2020, 11:07 PM
Did you figure this out? I am getting the same error.

Daniel Wyleczuk-Stern

10/12/2020, 4:14 PM
Have there been any answers to this? I've searched the Fleet GitHub as well as this Slack channel, and it doesn't seem like there's an answer.
Ayyyy I got it. This is probably happening for other people with test deployments. Don't blindly accept the defaults when generating a CSR with openssl. In my example below, I set the FQDN to my internal IP and it started working.
root@ip-172-29-81-203:~# !18
openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out example.crt -keyout example.key
Generating a RSA private key
............................................................................................................++++
..................++++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:SF
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:172.24.17.4

zwass

10/12/2020, 4:43 PM
Yes, the FQDN must match. Usually I would expect to see a "certificate verify failed" error, but it's good to know that this error message can also come up.

Daniel Wyleczuk-Stern

10/12/2020, 4:59 PM
👍 I pinged you on GitHub too, on a closed issue, with my recommendation for what to add to the README.

zwass

10/12/2020, 6:37 PM
Want to PR it? Otherwise I am happy to add it myself. Thank you.

Daniel Wyleczuk-Stern

10/13/2020, 1:21 PM
PR submitted.