# fleet
j
Hi 👋 Fleet (cc @Lucas Rodriguez) I want to connect to a Redis DB with a self-signed cert, so I want to skip TLS verification. I see that `TLSSkipVerify` is part of the `PoolConfig` struct. This configuration setting is not used in any of the `redis.NewPool` instances (not even in the configuration doc). Only the `tlsconnect` test application uses it (as a CLI param). Do you know if this `TLSSkipVerify` is working for Redis? If yes, which is the ENV variable I should use?
l
Hi @Jorge Lopez! You are right, there's a `TLSSkipVerify` field in `PoolConfig`, but such a field cannot be set in `fleet serve` (the Fleet server). Curious to know the need to use TLS with verification disabled instead of just disabling TLS altogether (I'm guessing this is just for a test deploy of Fleet?).
j
In this case, I am using Heroku Redis, and they use a self-signed cert. More details here: https://devcenter.heroku.com/articles/connecting-heroku-redis Redis has provided me with a bundled CA cert chain (file with root + intermediate cert). Can Fleet use this CA cert bundle for cert verification?
l
I don't know if it will work 100% (depends on the certificate, and maybe it being self-signed will cause verification issues). A way to know for sure is: Configure and run fleet with the given certificate, then run a healthz check:
```
curl -v https://dogfood.fleetdm.com/healthz
```
(The healthz check checks the Redis connection.)