is there any way to force a refresh of the node ke...
# tlsc
clong
11/09/2021, 7:27 PMis there any way to force a refresh of the node key?
z
zwass
11/09/2021, 7:36 PM
For a Fleet user I'd recommend deleting the host from Fleet -- that would cause a re-enrollment when the host next checks in and receives a
node_invalidzwass
11/09/2021, 7:36 PM
I imagine there's some equivalent that could be done in any other TLS server implementation.
c
clong
11/09/2021, 7:38 PMah yeah we're not using fleet here (yet) :[
🤓 1
clong
11/09/2021, 7:42 PMis the node key just
osquery.db/IDENTITYs
seph
11/09/2021, 9:09 PM
This is relatively easy from the server. Less sure about the client. If you’re re-enrolling, do you need to keep any of the local state? (vs removing the entire database)
z
zwass
11/09/2021, 9:12 PM
is the node key just osquery.db/IDENTITY?I think probably not. The node key will be somewhere in the rocksdb database that I would expect to be opaque except when parsed by rocksdb.
c
clong
11/09/2021, 9:57 PMthanks guys
j
Jams
11/09/2021, 9:57 PMJams
11/09/2021, 9:58 PM Copy code
{
"node_invalid": false // Optional, return true to indicate re-enrollment.
}11 Views