Konstantin
08/23/2018, 3:10 PMjackjack
08/23/2018, 5:00 PMKonstantin
08/23/2018, 5:47 PMvi /etc/osquery/kolide.flags
--enroll_secret_path=/etc/osquery/enrollment_secret
--tls_server_certs=/etc/osquery/kolide.bankrc.local_8412.pem
--tls_hostname=kolide.bankrc.local:8412
--tls_dump=true
--host_identifier=hostname
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
osqueryd --flagfile=/etc/osquery/kolide.flags
W0318 07:05:24.202896 13491 tls_enroll.cpp:66] Failed enrollment request to <https://kolide.bankrc.local:8412/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...
root@hq-oib3:/opt/fleet# openssl genrsa -out pki/tls/certs/server.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
..................................................................+++
e is 65537 (0x010001)
root@hq-oib3:/opt/fleet# openssl rsa -in pki/tls/certs/server.key -out pki/tls/private/server.key
writing RSA key
root@hq-oib3:/opt/fleet# openssl req -sha256 -new -key pki/tls/private/server.key -out pki/tls/certs/server.csr -subj "/CN=kolide.bankrc.local"
root@hq-oib3:/opt/fleet# openssl x509 -req -sha256 -days 365 -in pki/tls/certs/server.csr -signkey pki/tls/private/server.key -out pki/tls/certs/server.crt
Signature ok
subject=CN = kolide.bankrc.local
Getting Private key