Hi, I'm trying to setup MDM but when I want to generate the certificates I have this error : Incorrect Usage: flag provided but not defined: -address fleectl 4.44.0 fleet 4.44.1 the command line : fleetctl generate mdm-apple --email My@email.home --org MyORG --address=https://localhost:8080

Hey @Gilles Renault, Don't believe

--address

is a valid flag available in

fleetctl generate

Can always pass the

-h

or

--help

flags to get some more info.

fleetctl generate mdm-apple -h
NAME:
   fleetctl generate mdm-apple - Generates certificate signing request (CSR) and key for Apple Push Notification Service (APNs) and certificate and key for Simple Certificate Enrollment Protocol (SCEP) to turn on MDM features.

USAGE:
   fleetctl generate mdm-apple [command options] [arguments...]

OPTIONS:
   --context value    Name of fleetctl config context to use (default: "default") [$CONTEXT]
   --debug            Enable debug http request logging (default: false) [$DEBUG]
   --email value      The email address to send the signed APNS csr to.
   --org value        The organization requesting the signed APNS csr.
   --apns-key value   The output path for the APNs private key. (default: "fleet-mdm-apple-apns.key")
   --scep-cert value  The output path for the SCEP CA certificate. (default: "fleet-mdm-apple-scep.crt")
   --scep-key value   The output path for the SCEP CA private key. (default: "fleet-mdm-apple-scep.key")
   --help, -h         show help (default: false)

Ok the doc is not clear, before that command you need to do

fleet config --address

then

fleet login

certificate problem, disable tls from server configuration

fleet can run without tls ?

Yes https://fleetdm.com/docs/configuration/fleet-server-configuration#server-tls

Thank you !

While Fleet itself doesn't have to be served over TLS, osquery does require it for sending data. If Fleet isn't terminating TLS, it will need to be handled by a proxy or Load Balancer.