Another quick question, I’m trying to enroll osquery to my FleetDM server using this. I’ve verified my certificate but still getting the below error message. I’m able to login/access my Fleet server without any issues and CAN enroll systems using Orbit but wanted to use the direct osquery package with the TLS plugin. System is a MAC also.

Failed enrollment request to <https://servername/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying (I removed the servername)

I was facing the same problem, but as a workaround you can simply remove the

--tls_server_certs

flag. OSQuery may be able to connect to the system without certificate pinning. It's not the safest solution, but it works. ¯\_(ツ)_/¯

I still get the same error 🤔

@ryan does the certificate subjectName match your servers dns name? i.e is your certificate for yourdomainhere.xxx and osquery is also trying to connect to yourdomainhere.xxx exactly? Not like subdomain.yourdomainhere.xxx etc.

yah it does, I regenerated the cert and it works now so not sure what went wrong initially but it’s working now!