Can I please ask about ‘best practise’ for using TLS for client enrolment.
Looking at the Fleet docs, part of the install is to generate your own self-signed TLS cert, then use that for client auth. But this then requires you to use the -insecure flag on the client to stop it from validating the cert.
It doesn’t sound horrible to spend ~$10 to get a real one (or use letsencypt?) but it does seem less than ideal to re-install clients on expiry.
Should I just not worry about this?