https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
a

Artem

04/18/2022, 10:43 AM
Hi! Can I use certificate with wildcard in subdomain for Fleet (receiving osquery connections) ? Is it obligatory to have exact domain name in CN in certificate?
k

koo

04/18/2022, 2:51 PM
@Artem let me hunt for an answer for you.
@Artem does this answer your question in any way? • The CNAME or one of the Subject Alternate Names (SANs) on the certificate must match the hostname that osquery clients use to connect to the server/proxy. Here is the section of the docs talking about the subject matter https://fleetdm.com/docs/deploying/introduction#tls-certificate
@Artem just got a confirmation: A wildcard cert should work. 
<http://foo.bar.com|foo.bar.com>
should “match” a SAN of 
*.<http://bar.com|bar.com>
. I hope this helps
❤️ 1
a

Artem

04/20/2022, 7:05 AM
@koo thank you very much! Got it!
🙌 1
15 Views
Powered by