https://github.com/osquery/osquery logo
Title
w

wennan.he

05/26/2023, 3:37 AM
Hi fleet team, our structure is like osquery -> LB -> fleet and we access fleet through browser through domain A, and osquery access fleet through domain B, in this case, the certificate osquery using is what i download from browser, and right now our osquery keeps failing on enroll with err May 26 03:24:58 XXXXXXXXXX osqueryd[1882290]: W0526 03:24:58.614423 1882292 tls_enroll.cpp:101] Failed enrollment request to https://XXXX/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... is that because of different domain of fleet?
i think that is after checking the code of fleet, could guide me how to make it work out in this case? i am using naked osquery, and i didn't set up certificate when installing fleet.
r

Raghavendra Hiremath

05/26/2023, 1:34 PM
Hello @wennan.he, hope you are doing well! I believe this should be an issue with fleet.pem file, could you let me know how you downloaded the fleet.pem file?
w

wennan.he

05/26/2023, 5:34 PM
image.png
could u help to answer that, how to make fleet support multiple server urls? Or any other way to make fleet API serving a different domain different web site work out?
k

Kathy Satterlee

05/26/2023, 7:04 PM
Is Fleet or the Load Balancer terminating TLS?
w

wennan.he

05/26/2023, 7:44 PM
no, problem resolved, the root cause is we changed the domain.