Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
w
wennan.he
05/26/2023, 3:37 AMHi fleet team, our structure is like osquery -> LB -> fleet
and we access fleet through browser through domain A, and osquery access fleet through domain B, in this case, the certificate osquery using is what i download from browser, and right now our osquery keeps failing on enroll with err
May 26 03:24:58 XXXXXXXXXX osqueryd[1882290]: W0526 03:24:58.614423 1882292 tls_enroll.cpp:101] Failed enrollment request to https://XXXX/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
is that because of different domain of fleet?
i think that is after checking the code of fleet, could guide me how to make it work out in this case?
i am using naked osquery, and i didn't set up certificate when installing fleet.
r
Raghavendra Hiremath
05/26/2023, 1:34 PMHello @wennan.he, hope you are doing well!
I believe this should be an issue with fleet.pem file, could you let me know how you downloaded the fleet.pem file?
w
wennan.he
05/26/2023, 5:34 PMimage.png
could u help to answer that, how to make fleet support multiple server urls? Or any other way to make fleet API serving a different domain different web site work out?
k
Kathy Satterlee
05/26/2023, 7:04 PMIs Fleet or the Load Balancer terminating TLS?
w
wennan.he
05/26/2023, 7:44 PMno, problem resolved, the root cause is we changed the domain.