Comments (4)
You need to check in the api
section of the configuration (base.json
) that you have a base_url
key with the path of the private key corresponding to the tls certificate as value. The key is used to sign the configuration profile for the santa configuration. We do not touch the /var/db/santa/config.plist
anymore.
from zentral.
@np5 thanks for the response. Just to make sure I understand that correctly, because it looks odd when I configure it.
"api": { "secret": "longAPIsecret", "base_url": "/etc/letsencrypt/archive/zentral.mycompany.com/privkey1.pem", "tls_server_certs": "/home/zentral/conf/zentral.mycompany.com_fullchain.pem", "tls_hostname": "https://zentral.mycompany.com" },
Looking at the walk through on https://medium.com/@zentral/zentral-on-gcp-tutorial-chapter3-1e224e830140 the api section looked like mine did before adding the base_url key.
I set up using lets encrypt, and the only private keys I can find are the ones in the /etc/letsencrypt directory. But looking at this the base_url would be the value of tls_hostname no?
from zentral.
My mistake, sorry. I was not really awake.tls_server_key
, not base_url
:
{
"api": {
"secret": "longAPIsecret",
"tls_server_certs": "/home/zentral/conf/zentral.mycompany.com_fullchain.pem",
"tls_server_key": "/etc/letsencrypt/archive/zentral.mycompany.com/privkey.pem",
"tls_hostname": "https://zentral.mycompany.com"
}
}
And probably privkey.pem
, and not privkey1.pem
, but maybe you have a different letsencrypt state.
from zentral.
That fixed my problem. Thank you for your help!
from zentral.
Related Issues (20)
- docker deployment
- Enrollments (santa/osquery) can't be edited/removed once created HOT 1
- Manifest-side, munki/osquery enrollments can't use quota's/serials/udid's for filtering/restriction
- Minor, results view search field does not work when supplied bare integers, requires quoting
- http_post probe action fails with "NoneType object is not callable" HOT 2
- Restrict email invitation domain
- Adding TOTP to a local user repeatedly fails HOT 7
- Can't get syslog output working HOT 15
- deploy.py fails on running migrations while deploying v2021.2-100-g760f7d81 HOT 5
- export in zentral targets not working HOT 4
- Support for token auth in jamf
- Release notes date 2021 should be 2022
- AWS all in one HOT 1
- Docker deployment on cloud vm HOT 2
- Best way to retrieve osquery query run results from external app? HOT 3
- Feature request: metadata linkable to/inline with service accounts/api keys in users view
- Add identifier patterns for signing ID rules to API HOT 3
- Accept unusual Google identifiers for Signing ID Santa rules via ruleset API and rules/create in web interface HOT 1
- Ruleset API endpoint rejects signing IDs containing underscore and minus characters HOT 1
- backend not found HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zentral.