Hi fleet team, our structure is like osquery ->...
# fleetw
wennan.he
05/26/2023, 3:37 AMHi fleet team, our structure is like osquery -> LB -> fleet
and we access fleet through browser through domain A, and osquery access fleet through domain B, in this case, the certificate osquery using is what i download from browser, and right now our osquery keeps failing on enroll with err
May 26 032458 XXXXXXXXXX osqueryd[1882290]: W0526 032458.614423 1882292 tls_enroll.cpp:101] Failed enrollment request to https://XXXX/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
is that because of different domain of fleet?
wennan.he
05/26/2023, 3:52 AMi think that is after checking the code of fleet, could guide me how to make it work out in this case?
i am using naked osquery, and i didn't set up certificate when installing fleet.
r
Raghavendra Hiremath
05/26/2023, 1:34 PMHello @wennan.he, hope you are doing well!
I believe this should be an issue with fleet.pem file, could you let me know how you downloaded the fleet.pem file?
w
wennan.he
05/26/2023, 5:34 PMimage.png
wennan.he
05/26/2023, 5:49 PMcould u help to answer that, how to make fleet support multiple server urls? Or any other way to make fleet API serving a different domain different web site work out?
k
Kathy Satterlee
05/26/2023, 7:04 PMIs Fleet or the Load Balancer terminating TLS?
w
wennan.he
05/26/2023, 7:44 PMno, problem resolved, the root cause is we changed the domain.
3 Views