#kolide
Michael Bailey

11/20/2018, 9:29 PM
I actually used valid LetsEncrypt and still had to specify the entire chain. I guess intermediate CAs break it?
zwass

11/20/2018, 9:45 PM
On which platform? Normally you should not have to specify the cert manually if you use a valid LetsEncrypt cert.
Michael Bailey

11/20/2018, 10:18 PM
Windows, was a while ago so can’t repro unfortunately
zwass

11/20/2018, 11:07 PM
Ah I think that issue may have been resolved in osquery within the last year or so. Could be fixed.
defensivedepth

12/09/2019, 5:57 PM
Just a follow-up. Latest version of both osquery & Fleet and I still have to specify the entire LetsEncrypt chain.
zwass

12/09/2019, 6:00 PM
Yes -- on Windows osquery still does not use the system trusted certs. A default osquery install includes a cert bundle that can be used and I think would work with LetsEncrypt.
defensivedepth

12/09/2019, 6:05 PM
default Windows osquery install (4.1.1) and I don't see the cert bundle anywhere - there is a certs folder but nothing in it.
zwass

12/09/2019, 6:07 PM
Ah, I'll file an issue on that.