Issues with Santa Enrollment Package. With or without installer. about zentral HOT 4 CLOSED

You need to check in the api section of the configuration (base.json) that you have a base_url key with the path of the private key corresponding to the tls certificate as value. The key is used to sign the configuration profile for the santa configuration. We do not touch the /var/db/santa/config.plist anymore.

from zentral.

@np5 thanks for the response. Just to make sure I understand that correctly, because it looks odd when I configure it.
"api": { "secret": "longAPIsecret", "base_url": "/etc/letsencrypt/archive/zentral.mycompany.com/privkey1.pem", "tls_server_certs": "/home/zentral/conf/zentral.mycompany.com_fullchain.pem", "tls_hostname": "https://zentral.mycompany.com" },

Looking at the walk through on https://medium.com/@zentral/zentral-on-gcp-tutorial-chapter3-1e224e830140 the api section looked like mine did before adding the base_url key.

I set up using lets encrypt, and the only private keys I can find are the ones in the /etc/letsencrypt directory. But looking at this the base_url would be the value of tls_hostname no?

from zentral.

My mistake, sorry. I was not really awake.tls_server_key, not base_url:

{
  "api": {
    "secret": "longAPIsecret",
    "tls_server_certs": "/home/zentral/conf/zentral.mycompany.com_fullchain.pem",
    "tls_server_key": "/etc/letsencrypt/archive/zentral.mycompany.com/privkey.pem",
    "tls_hostname": "https://zentral.mycompany.com"
  }
}

And probably privkey.pem, and not privkey1.pem, but maybe you have a different letsencrypt state.

from zentral.

That fixed my problem. Thank you for your help!

from zentral.