I actually used valid LetsEncrypt and still had to...
# kolidem
Michael Bailey
11/20/2018, 9:29 PMI actually used valid LetsEncrypt and still had to specify the entire chain. I guess intermediate CAs break it?
z
zwass
11/20/2018, 9:45 PM
On which platform? Normally you should not have to specify the cert manually if you use a valid LetsEncrypt cert.
m
Michael Bailey
11/20/2018, 10:18 PMWindows, was a while ago so can’t rerpo unfortunately
z
zwass
11/20/2018, 11:07 PM
Ah I think that issue may have been resolved in osquery within the last year or so. Could be fixed.
d
defensivedepth
12/09/2019, 5:57 PMJust a follow-up. Latest version of both osquery & Fleet and I still have to specify the entire LetsEncrypt chain.
z
zwass
12/09/2019, 6:00 PM
Yes -- on Windows osquery still does not use the system trusted certs. A default osquery install includes a cert bundle that can be used and I think would work with LetsEncrypt.
d
defensivedepth
12/09/2019, 6:05 PMdefault Windows osquery install (4.1.1) and I don't see the cert bundle anywhere - there is a
certsz
zwass
12/09/2019, 6:07 PM
Ah, I'll file an issue on that.
👍 1
zwass
12/09/2019, 6:14 PM