Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Artem
04/18/2022, 10:43 AMHi! Can I use certificate with wildcard in subdomain for Fleet (receiving osquery connections) ? Is it obligatory to have exact domain name in CN in certificate?
k
koo
04/18/2022, 2:51 PM@Artem let me hunt for an answer for you.
@Artem does this answer your question in any way?
• The CNAME or one of the Subject Alternate Names (SANs) on the certificate must match the hostname that osquery clients use to connect to the server/proxy.
Here is the section of the docs talking about the subject matter
https://fleetdm.com/docs/deploying/introduction#tls-certificate
@Artem just got a confirmation: A wildcard cert should work.
<http://foo.bar.com|foo.bar.com>*.<http://bar.com|bar.com>❤️ 1
a
Artem
04/20/2022, 7:05 AM@koo thank you very much! Got it!
🙌 1