Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
k
Konstantin
08/23/2018, 3:10 PMHello. Can someone help me? I am doing a test installation of Kolide Fleet via docker images (fleet, mysql, redis, mailhog). When I press on "Fetch Kolide Certificate" nothing happens and I see the 500 error on browser console. How can I fix the error?
j
jackjack
08/23/2018, 5:00 PMHi! do you have a certificate?
if you have already assigned a self-signed certs, maybe download that directly into your machine instead of downloading it form the GUI
k
Konstantin
08/23/2018, 5:47 PMHi! Yes, I have a certificate. But when I try to run an agent with it there is the error.
vi /etc/osquery/kolide.flags
--enroll_secret_path=/etc/osquery/enrollment_secret
--tls_server_certs=/etc/osquery/kolide.bankrc.local_8412.pem
--tls_hostname=kolide.bankrc.local:8412
--tls_dump=true
--host_identifier=hostname
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10osqueryd --flagfile=/etc/osquery/kolide.flags
W0318 07:05:24.202896 13491 tls_enroll.cpp:66] Failed enrollment request to <https://kolide.bankrc.local:8412/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...I unchecked "Verify SSL Certs?" option in Fleet app settings .
commands for generate the certificate
root@hq-oib3:/opt/fleet# openssl genrsa -out pki/tls/certs/server.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
..................................................................+++
e is 65537 (0x010001)
root@hq-oib3:/opt/fleet# openssl rsa -in pki/tls/certs/server.key -out pki/tls/private/server.key
writing RSA key
root@hq-oib3:/opt/fleet# openssl req -sha256 -new -key pki/tls/private/server.key -out pki/tls/certs/server.csr -subj "/CN=kolide.bankrc.local"
root@hq-oib3:/opt/fleet# openssl x509 -req -sha256 -days 365 -in pki/tls/certs/server.csr -signkey pki/tls/private/server.key -out pki/tls/certs/server.crt
Signature ok
subject=CN = kolide.bankrc.local
Getting Private keyError 500 fixed when I switched back to ip address instead of dns in /etc/hosts