Can we use wildcard certificates for tls server certs= My ce osquery #kolide

Can we use wildcard certificates for --tls_server_...

David

06/10/2020, 9:54 PM

Can we use wildcard certificates for --tls_server_certs=? My certificate is issued to CN = *.lab.mydomain.com I am getting an error when pointing to my .pem file --tls_server_certs=C:\ProgramData\osquery\cert.pem (Request error: certificate verify failed) Here is my flags file

Copy code

--tls_hostname=<http://mykolide.lab.mydomain.com:8080|mykolide.lab.mydomain.com:8080>

--tls_server_certs=C:\ProgramData\osquery\cert.pem

--enroll_secret_path=C:\ProgramData\osquery\secret.txt

--host_identifier=hostname

--config_plugin=tls

--config_tls_endpoint=/api/v1/osquery/config

--config_tls_refresh=120

--config_tls_max_attempts=3

--config_accelerated_refresh=60

--enroll_tls_endpoint=/api/v1/osquery/enroll

--disable_distributed=false

--distributed_plugin=tls

--distributed_interval=60

--distributed_tls_max_attempts=3

--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read

--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write

--logger_plugin=tls

--logger_tls_endpoint=/api/v1/osquery/log

--logger_tls_period=60

--disable_audit=false

--audit_allow_config=true

--audit_persist=true

--disable_carver=true

--config_refresh=60

--buffered_log_max=500000

David

06/10/2020, 10:36 PM

Same error if I use the certificate downloaded from the hosts/manage page: "_Download Server Certificate (Optional)_ _If you use the native osquery TLS plugins, Osquery requires the same TLS certificate that Fleet is using in order to authenticate. You can fetch the certificate below_:"

5 Views

Open in Slack

Previous Next