#kolide

James Tam

07/11/2019, 10:33 PM
How does the --root_pem flag work for package_builder make? If the flag is set to "C:\ProgramData\osquery\certs\server.pem", for example, does the new host where the package is installed need to have the file in the same directory on the host machine?

zwass

07/11/2019, 10:35 PM
The PEM will be copied into the package.

James Tam

07/11/2019, 10:58 PM
Is it possible with some flag for the host machine installing the package to require some sort of authorization, like a private key?

zwass

07/11/2019, 10:59 PM
You want the package to authorize the machine it is installing on?

seph

07/11/2019, 11:12 PM
I’m not sure I understand that question.
Endpoints do require authorization. That’s the enroll secret. Are you looking for something else?

James Tam

07/16/2019, 10:11 PM
@seph I suppose it would be like what @zwass is describing. I'm a newbie with SSL/TLS, but from what I heard from the project manager, he wants the package to also authorize based on the certificate the endpoint machine has. Either it was a certificate or a private key.

seph

07/16/2019, 10:12 PM
AFAIK there is no support for x509 auth in the TLS protocol.
The client verifies the server cert via normal means.
And the server verifies the client first with an enroll secret (generally this is in the package) and then by the node key.
I'm not really sure if you're asking for something different, or what.