Title
#kolide
k

Konstantin

08/23/2018, 3:10 PM
Hello. Can someone help me? I am doing a test installation of Kolide Fleet via docker images (fleet, mysql, redis, mailhog). When I press on "Fetch Kolide Certificate" nothing happens and I see the 500 error on browser console. How can I fix the error?
j

jackjack

08/23/2018, 5:00 PM
Hi! do you have a certificate?
5:00 PM
if you have already assigned a self-signed certs, maybe download that directly into your machine instead of downloading it form the GUI
k

Konstantin

08/23/2018, 5:47 PM
Hi! Yes, I have a certificate. But when I try to run an agent with it there is the error.
vi /etc/osquery/kolide.flags

 --enroll_secret_path=/etc/osquery/enrollment_secret
 --tls_server_certs=/etc/osquery/kolide.bankrc.local_8412.pem
 --tls_hostname=kolide.bankrc.local:8412
 --tls_dump=true
 --host_identifier=hostname
 --enroll_tls_endpoint=/api/v1/osquery/enroll
 --config_plugin=tls
 --config_tls_endpoint=/api/v1/osquery/config
 --config_tls_refresh=10
 --disable_distributed=false
 --distributed_plugin=tls
 --distributed_interval=10
 --distributed_tls_max_attempts=3
 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
 --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
 --logger_plugin=tls
 --logger_tls_endpoint=/api/v1/osquery/log
 --logger_tls_period=10
osqueryd --flagfile=/etc/osquery/kolide.flags
W0318 07:05:24.202896 13491 tls_enroll.cpp:66] Failed enrollment request to <https://kolide.bankrc.local:8412/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...
5:49 PM
I unchecked "Verify SSL Certs?" option in Fleet app settings .
5:51 PM
commands for generate the certificate
root@hq-oib3:/opt/fleet# openssl genrsa -out pki/tls/certs/server.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
..................................................................+++
e is 65537 (0x010001)
root@hq-oib3:/opt/fleet# openssl rsa -in pki/tls/certs/server.key -out pki/tls/private/server.key
writing RSA key
root@hq-oib3:/opt/fleet# openssl req -sha256 -new -key pki/tls/private/server.key -out pki/tls/certs/server.csr -subj "/CN=kolide.bankrc.local"
root@hq-oib3:/opt/fleet# openssl x509 -req -sha256 -days 365 -in pki/tls/certs/server.csr -signkey pki/tls/private/server.key -out pki/tls/certs/server.crt
Signature ok
subject=CN = kolide.bankrc.local
Getting Private key
9:39 PM
Error 500 fixed when I switched back to ip address instead of dns in /etc/hosts