Our fleet/osquery agents started failing to connect to our fleet servers with

(Request error: certificate verify failed)

I've used the same

--tls_server_certs

option with curl and I don't get a certificate verification error, when I change the

osqueryd

options to use the host machines cert (

/etc/ssl/cert.pem

) osquery is fine. This doesn't fail, which I would expect to when the

fleet.pem

is invalid:

curl -vvv -X POST --cacert /opt/orbit/fleet.pem https://<HOST>/api/fleet/orbit/enroll

(We are currently on an older version of fleetdm, and I'd like to avoid forcing all the clients to upgrade)