Hi Guys. I have an issue with "W0414 01:51:32.7050...
# general
Hi Guys. I have an issue with "W0414 01:51:32.705027  1683 tls_enroll.cpp:76] Failed enrollment request to https://Fleet.mydomain.com.vn:8080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying..." on my osquery agent.
[5:44 PM] This cert has wildcard CN=*mydomain.com.vn and it is not a self-signed certificate. I also tried this ssl-client command to verify the TLS server certificate, as below:
[root@test-osquery ~]# openssl s_client -connect Fleet.mydomain.com.vn:8080 -CAfile /var/osquery/server.pem
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, CN = *.mydomain.com.vn
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.mydomain.com.vn
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.mydomain.com.vn
   i:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
....
    Start Time: 1586804604
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
Could someone share with me how to fix this issue without changing the cert to a self-signed cert? Thanks so much.