Agent install fails on RHEL/CentOS 6 or Amazon due to SSL error.

When installing the Threat Stack agent on Red Hat Enterprise Linux6, CentOS Linux 6, or Amazon Linux installation may fail while trying to retrieve the Threat Stack repository GPG key due to an SSL error.

For example:

This is due to Red Hat's shipped version of curl, used by rpm and yumnot supporting TLS higher than version 1.0 and Threat Stack not supporting TLS versions with security vulnerabilities.  Government and industry standards NIST and PCI recommend at a minimum TLS 1.1 with a preference for TLS 1.2.

To resolve this issue the following paths may be taken.

1. Retrieve the key file with an alternative tool and import it manually.

wget https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK -O /etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK

$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK

 

2. Update to the latest version of the Threat Stack configuration management module for your platform.

All modules have been updated to avoid using curl to import the GPG key.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.