Hi fleet team, our structure is like osquery -> LB -> fleet
and we access fleet through browser through domain A, and osquery access fleet through domain B, in this case, the certificate osquery using is what i download from browser, and right now our osquery keeps failing on enroll with err
May 26 03:24:58 XXXXXXXXXX osqueryd[1882290]: W0526 03:24:58.614423 1882292 tls_enroll.cpp:101] Failed enrollment request to https://XXXX/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
is that because of different domain of fleet?
i think that is after checking the code of fleet, could guide me how to make it work out in this case?
i am using naked osquery, and i didn't set up certificate when installing fleet.
r
Raghavendra Hiremath
05/26/2023, 1:34 PM
Hello @wennan.he, hope you are doing well!
I believe this should be an issue with fleet.pem file, could you let me know how you downloaded the fleet.pem file?
w
wennan.he
05/26/2023, 5:34 PM
image.png
could u help to answer that, how to make fleet support multiple server urls? Or any other way to make fleet API serving a different domain different web site work out?
k
Kathy Satterlee
05/26/2023, 7:04 PM
Is Fleet or the Load Balancer terminating TLS?
w
wennan.he
05/26/2023, 7:44 PM
no, problem resolved, the root cause is we changed the domain.