Title
#fleet
s

Silvano Ngacha

06/16/2021, 5:54 AM
Hi, my name is Silvano and i have a quick question regarding setting up FleetDm. I have been trying to add the hosts in vain and it appears like its an issue with the self-signed certificate. I'd appreciate if someone could guide me on how to enroll hosts to FleetDM Error,
I0615 15:16:19.983693 17433 tls.cpp:255] TLS/HTTPS POST request to URI: <https://172.27.63.225:8412/api/v1/osquery/enroll>
W0615 15:16:20.030148 17433 tls_enroll.cpp:77] Failed enrollment request to <https://172.27.63.225:8412/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...
6:18 AM
The Fleet App server url : https://172.27.63.225:1337:8412
a

Avi Norowitz

06/16/2021, 2:18 PM
For TLS certificate validation to work, you should use a fully qualified domain name rather than an IP address. You'd also need a signed certificate, either from a trusted certificate authority (like lets-encrypt.org) or self-signed (requires the use of
--tls_server_certs
on osqueryd). See: https://github.com/fleetdm/fleet/blob/cb2682c27317e6301dfdaf5e39cf1c77b38f828a/docs/3-Deployment/FAQ.md#how-do-i-fix-certifi[…]-errors-from-osqueryd https://github.com/fleetdm/fleet/blob/0455ee144b89ab2286497b17e2c53c63a61c43a4/docs/3-Deployment/4-Example-deployment-scenarios.md#setting[…]g-Fleet
s

Silvano Ngacha

06/17/2021, 9:02 AM
Thank you @Avi Norowitz Finally, it worked. I appreciate your assistance