# fleet
p
We've built the Fleet package with fleetctl, including our server certificate. Yet during deployment we still can't seem to be able to enroll our endpoints (all macOS laptops):
W0626 14:49:27.032124 -139899904 tls_enroll.cpp:101] Failed enrollment request to <https://fleetdm.XXXXX/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...
What are we doing wrong there?
l
Hi @Pierre N!
• Does curl <https://fleetdm.XXXXX/api/v1/osquery/enroll> work?
• How was the package generated? (fleetctl package ...)
p
Hi @Lucas Rodriguez sorry for taking so long, we made some progress and we are pretty sure it's linked to our security controls. curl enroll doesn't work, but it also doesn't work on properly running endpoints and if we hardcode the IP it works fine on new endpoints.
We tried both normal package generation from the portal and the generation with the server cert, both lead to the same error which seems related to the fleetdm.XXXXX resolution.
l
Hi @Pierre N!
> curl enroll doesn't work, but it also doesn't work on properly running endpoints and if we hardcode the IP it works fine on new endpoints.
Sorry, by work I meant that SSL/TLS works but then you get a 403 or something. If you are getting certificate verification issues with curl then it means something's off with the server's certificate.
p
Yes looking into this at the moment