> fleetdm uses TLS certs to make the connection...
# fleet
fleetdm uses TLS certs to make the connection between endpoints (containing the osquery agent).  In the event that the SSL cert changes or renews, is there a way to deploy the new secret.txt and fleet.pem to all the endpoints? or is this a manual process?
If hosts are already enrolled in Fleet, they don't need the secret to be changed. For the SSL cert, if you are manually specifying the cert bundle, you would have to change it. We're going to add this question to the FAQ shortly.
For us it worked to add the new cert with the old one in the same file defined in
on the osquery side. After that is done, replace the certificate on the fleet side. Could not figure a better way to do so.