Mike S.
02/07/2023, 7:50 PM
Kathy Satterlee
02/07/2023, 7:52 PM
Mike S.
02/07/2023, 8:26 PM
--tls_hostname=
• Verified that the osquery.flags file on the client has the --tls_server_certs flag set and that the path to the cert is correct.
• Verified that the cert itself is valid - I am able to access our web GUI without any certificate error being issued.
• Downloaded certificate from server (using Advanced option under Add Hosts) and used that in the enrollment process. No change.
• Attempted to verify the certificate with curl on host - output attached.
• Disabled the proxy on the host to verify that there wasn't a MITM issue. No change.
• Installed certificates to ca-certificates and updated the certificate list.
• Appended intermediate cert to entity cert and attempted to enroll using the new cert.
• Prayed to Zeus to throw a lightning bolt at the people who created PKI. 😛
Let me know what other information I can provide! And I appreciate all of the amazing help provided so far!
server platform with the certificate request, so I can't just re-email w/ a new platform bundle, but I can duplicate the cert to rebundle. Attached all the platform options available to DigiCert. (the core cert info will be the same, just the file formats and location of various pieces of cert info will move around). Technically the same thing as running the existing cert through openssl.
Here's the platform info he's referring to:
Kathy Satterlee
02/07/2023, 9:44 PM
Adam Connor
02/07/2023, 10:08 PM