Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
David
06/10/2020, 9:54 PMCan we use wildcard certificates for --tls_server_certs=?
My certificate is issued to CN = *.lab.mydomain.com
I am getting an error when pointing to my .pem file --tls_server_certs=C:\ProgramData\osquery\cert.pem
(Request error: certificate verify failed)
Here is my flags file
--tls_hostname=<http://mykolide.lab.mydomain.com:8080|mykolide.lab.mydomain.com:8080>
--tls_server_certs=C:\ProgramData\osquery\cert.pem
--enroll_secret_path=C:\ProgramData\osquery\secret.txt
--host_identifier=hostname
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=120
--config_tls_max_attempts=3
--config_accelerated_refresh=60
--enroll_tls_endpoint=/api/v1/osquery/enroll
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=60
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=60
--disable_audit=false
--audit_allow_config=true
--audit_persist=true
--disable_carver=true
--config_refresh=60
--buffered_log_max=500000Same error if I use the certificate downloaded from the hosts/manage page: "_Download Server Certificate (Optional)_
_If you use the native osquery TLS plugins, Osquery requires the same TLS certificate that Fleet is using in order to authenticate. You can fetch the certificate below_:"