Title
#core
happy-dude

happy-dude

11/18/2019, 9:10 PM
hey team -- question about TLS enrollment (and re-enrollment): I am planning to change my
tls-hostname
to a new endpoint (fresh server) • what happens to the clients/nodes? • do I have to manually re-enroll them? or will they re-enroll automatically?
9:12 PM
I'm planning to run a test by changing the config, restarting the daemon, and watching the logs for what happens...
zwass

zwass

11/18/2019, 9:32 PM
When you say "fresh server" you mean a new database?
9:33 PM
The server should tell the nodes their authentication is invalid and trigger a reenrollment.
9:35 PM
Of course this depends on the server being implemented properly.
happy-dude

happy-dude

11/18/2019, 9:38 PM
yessir new database; I am implementing a new server and it seems that I should check the
node_invalid
flag in the API? https://osquery.readthedocs.io/en/stable/deployment/remote/#remote-server-api
zwass

zwass

11/18/2019, 9:39 PM
Yes