wave I m looking for help enrolling osquery agents into flee

Question

wave I m looking for help enrolling osquery agents into fleet via TLS client certificates I filed a few weeks ago as directed in but haven t heard anything

DG · Answer

I know little but decided to toss something that someone could correct me later on in the tls common there is an integer that specifies how the server should behave

DG · Answer

type ClientAuthType int ClientAuthType declares the policy the server will follow for TLS Client Authentication const NoClientCert ClientAuthType = iota RequestClientCert RequireAnyClientCert VerifyClientCertIfGiven RequireAndVerifyClientCert

DG · Answer

that enumeration list on ClientAuthType is taken from the go version gt src pkg crypto tls common go

zwass · Answer

I replied to your issue there

DG · Answer

So never found that file went to mysql checked a few tables and not saved in DB as far as i can tell so I am glad someone else understands this better

DG · Answer

That suggestion of a proxy is a really good option enough trying to help for me back to lunch Thank you < zwass> was curious of the answer

zwass · Answer

If someone sets it up using a proxy please blog about it so we can all learn

crimsonknave · Answer

Thanks I ll take a look and see if it s worth it to set the proxy up

defensivedepth · Answer

I think you could setup the client auth with nginx somewhat easily and then reverse proxy it to Fleet gt

crimsonknave · Answer

It might make sense to update the doc that says to file an issue and just note that it s not supported at this time

defensivedepth · Answer

btw I never trust someone who says you can do it this way its easy gt It never ends up being easy wink

zwass · Answer

Put up a PR to update the docs

DG · Answer

See i was thinking the $$ money way F5 + APM or iRule

DG · Answer

I like when open source leads to open source and the community as a whole is enriched Been loving those in these slacks