Web Gui Cert #9933
Replies: 1 comment 7 replies
-
|
All you should need to do is replace the managerssl.crt and .key files in /etc/pki, as outlined in the link. That certificate pair is specific to the web interface and isn't used for any internode communication - I think you might have had two separate issues occurring at the same time. |
Beta Was this translation helpful? Give feedback.
-
|
You're right, those errors are coming from launcher, which is a wrapper around the osquery agent. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for confirming I appreciate the help from this forum. So do you know how I would stop these errors? Like I say we don't currently use the osquery function but is it just a case of updating the intca.cer as shown in other guides? |
Beta Was this translation helpful? Give feedback.
-
|
Hi, Just wondering if you could point me in the right direction on this so I can apply the gui certs and not have the errors? |
Beta Was this translation helpful? Give feedback.
-
|
If you don't use the osquery function, you can remove the launcher package with "sudo rpm -e launcher-final". If you'd like to reinstall it later, you can regenerate the install packages on the download page with "sudo salt-call state.apply fleet.event_gen-packages" and then manually install the new one. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks will have a think Cheers |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi All,
Hopefully this isnt a big issue but I followed this guide:
https://nano.dannyvacar.ca/post/custom-ssl-certificate-for-security-onion-web-ui/
Everything seemed to work fine and I cold see my custom cert on the web gui and everything seemed to be working however after rebooting a sensor I noticed that the docker would not start, on investigation I was getting this error:
{"caller":"request_queries.go:162","err":"rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"","method":"RequestQueries","reauth":false,"res":"null","severity":"info","took":"88.416µs","ts":"2023-03-15T12:36:18.044081225Z","uuid":"42c7a214-8afd-46f1-8daa-96af54e34e4c"}
I then added the Root and SubCa to the node via:
added certs in this directory "/etc/pki/ca-trust/source/anchors/"
then ran "update-ca-trust extract"
After this the docker started and again it looked good but I was still seeing the error in my /var/log/messages.
For now I have reverted back to the default self signed cert and the error has cleared from the manager and the sensors but I was wondering on the best way to add a custom cert so I dont get the SSL error when accessing the manager.
Regards
NG
Beta Was this translation helpful? Give feedback.
All reactions