I think this is correct, but when the fleetdm server cert expires, I need to deploy that cert chain with an updated cert, correct? The chain is not changing, just renewing the existing cert.

Hi @benbass, you may not actually need to deploy the chain if it isn't changing, although this really would apply to osquery generally too so you might also want to ask the folks on the general channel if you haven't already. Please let us know what you learn!

Thank you for the reply Sarah! It is amazing how much you forget after setting things up 3 years ago. You are correct the chain isn’t changing, so I don’t need to touch the endpoints, I just need to hit the load balancers and the fleetdm servers themselves.