Title
#fleet
r

ryan

08/05/2021, 6:53 PM
Another quick question, I’m trying to enroll osquery to my FleetDM server using this. I’ve verified my certificate but still getting the below error message. I’m able to login/access my Fleet server without any issues and CAN enroll systems using Orbit but wanted to use the direct osquery package with the TLS plugin. System is a MAC also.
Failed enrollment request to <https://servername/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying (I removed the servername)
Saulo Guilhermino

Saulo Guilhermino

08/05/2021, 7:06 PM
I was facing the same problem, but as a workaround you can simply remove the
--tls_server_certs
flag. OSQuery may be able to connect to the system without certificate pinning. It's not the safest solution, but it works. ¯_(ツ)_/¯
r

ryan

08/05/2021, 7:20 PM
I still get the same error 🤔
Mystery Incorporated

Mystery Incorporated

08/06/2021, 4:50 AM
@ryan does the certificate subjectName match your servers dns name? i.e is your certificate for yourdomainhere.xxx and osquery is also trying to connect to yourdomainhere.xxx exactly? Not like subdomain.yourdomainhere.xxx etc.
r

ryan

08/06/2021, 6:40 PM
yah it does, I regenerated the cert and it works now so not sure what went wrong initially but it’s working now!