#kolide

David

06/10/2020, 9:54 PM
Can we use wildcard certificates for --tls_server_certs=? My certificate is issued to CN = *.lab.mydomain.com. I am getting an error when pointing to my .pem file --tls_server_certs=C:\ProgramData\osquery\cert.pem (Request error: certificate verify failed). Here is my flags file:
--tls_hostname=mykolide.lab.mydomain.com:8080

--tls_server_certs=C:\ProgramData\osquery\cert.pem

--enroll_secret_path=C:\ProgramData\osquery\secret.txt

--host_identifier=hostname

--config_plugin=tls

--config_tls_endpoint=/api/v1/osquery/config

--config_tls_refresh=120

--config_tls_max_attempts=3

--config_accelerated_refresh=60

--enroll_tls_endpoint=/api/v1/osquery/enroll

--disable_distributed=false

--distributed_plugin=tls

--distributed_interval=60

--distributed_tls_max_attempts=3

--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read

--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write

--logger_plugin=tls

--logger_tls_endpoint=/api/v1/osquery/log

--logger_tls_period=60

--disable_audit=false

--audit_allow_config=true

--audit_persist=true

--disable_carver=true

--config_refresh=60

--buffered_log_max=500000
10:36 PM
Same error if I use the certificate downloaded from the hosts/manage page: "Download Server Certificate (Optional) If you use the native osquery TLS plugins, Osquery requires the same TLS certificate that Fleet is using in order to authenticate. You can fetch the certificate below:"