Hi fleet team, our structure is like osquery ->...
# fleet
w
Hi fleet team, our structure is like osquery -> LB -> fleet and we access fleet through browser through domain A, and osquery access fleet through domain B, in this case, the certificate osquery using is what i download from browser, and right now our osquery keeps failing on enroll with err May 26 032458 XXXXXXXXXX osqueryd[1882290]: W0526 032458.614423 1882292 tls_enroll.cpp:101] Failed enrollment request to https://XXXX/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... is that because of different domain of fleet?
i think that is after checking the code of fleet, could guide me how to make it work out in this case? i am using naked osquery, and i didn't set up certificate when installing fleet.
r
Hello @wennan.he, hope you are doing well! I believe this should be an issue with fleet.pem file, could you let me know how you downloaded the fleet.pem file?
w
image.png
could u help to answer that, how to make fleet support multiple server urls? Or any other way to make fleet API serving a different domain different web site work out?
k
Is Fleet or the Load Balancer terminating TLS?
w
no, problem resolved, the root cause is we changed the domain.