Chad
08/14/2021, 10:13 AM.\orbit.exe --fleet-url=<https://host.domain.com:443> --enroll-secret=[Redacted Secret]
I get the following errors which makes me think orbit/osquery doesn't support trusted CAs on windows:
Failed to retrieve system cert pool. Cannot validate Fleet server connection. error="crypto/x509: system root pool is not available on Windows"
...
...
Cannot read TLS server certificate(s): \Program Files\osquery\certs\certs.pem
My understanding is that if I am using a cert signed by a trusted authority then osquery/orbit shouldn't even be looking for certs locally?Mystery Incorporated
08/14/2021, 12:42 PMChad
08/14/2021, 3:06 PMzwass
08/14/2021, 3:29 PM