The CA that signed it is a local CA, do I need to ...
# kolide
n
The CA that signed it is a local CA, do I need to include the entire chain?
g
yes
n
So in the .pem file I specify in the flags file, this should include both the root CA and the fleet cert then, not two separate files?
I added it to the certs.pem file but it didn't seem to take, I didn't know if both were used in conjunction
g
you need the root ca and any intermediaries on the client. you need the full chain on the server
also the hostname must agree
n
Getting the same error still. The domain root CA is installed on the windows host. The fleet server cert, signed by the domain CA, is specified in the flags file. Hostname agrees (just fleet.domain.com), accessing it on something like chrome from the same workstation returns no errors either.
g
accessing it on chrome means nothing as far as what osquery trusts
mostly because osquery won't use system roots
you're specifying a chain to osquery via a CLI flag. that chain should contain what's necessary for osquery to trust fleet
does the pem file you provide to osqueryd have the CA? or just the leaf?
n
It was just the leaf, let me try adding the domain CA certificate to the file.
I've never had to specify an entire chain in one .pem, anything special or just append?
g
n
It worked!
You're a legend mate, thanks.
I've been banging my head against that for the better part of today, I thought it was using the host's CA store as well.
g
if you don’t pass the flag at all, osqueryd should use the host CA store
but idk if that’s true on windows, and is a relatively recent addition to osquery. i’m very used to just providing the full chain myself
n
That's fair
Any plans on launcher for windows in the near future? We're rolling out launcher for all of our linux hosts, but we also are supporting a ton of windows as well
g
near future == likely in december. we’re actively working on it
in fact you can use it in master today. the only missing bit is the MSI which i’m working on today
n
Oh that's awesome