Hi my name is Silvano and i have a quick question regarding osquery #fleet

Hi, my name is Silvano and i have a quick question...

Silvano Ngacha

06/16/2021, 5:54 AM

Hi, my name is Silvano and i have a quick question regarding setting up FleetDm. I have been trying to add the hosts in vain and it appears like its an issue with the self-signed certificate. I'd appreciate if someone could guide me on how to enroll hosts to FleetDM Error,

Copy code

I0615 15:16:19.983693 17433 tls.cpp:255] TLS/HTTPS POST request to URI: <https://172.27.63.225:8412/api/v1/osquery/enroll>
W0615 15:16:20.030148 17433 tls_enroll.cpp:77] Failed enrollment request to <https://172.27.63.225:8412/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...

Silvano Ngacha

06/16/2021, 6:18 AM

The Fleet App server url : https://172.27.63.225:1337:8412

Avi Norowitz

06/16/2021, 2:18 PM

For TLS certificate validation to work, you should use a fully qualified domain name rather than an IP address. You'd also need a signed certificate, either from a trusted certificate authority (like lets-encrypt.org) or self-signed (requires the use of

--tls_server_certs

on osqueryd). See: https://github.com/fleetdm/fleet/blob/cb2682c27317e6301dfdaf5e39cf1c77b38f828a/docs/3-Deployment/FAQ.md#how-do-i-fix-certifi[…]-errors-from-osqueryd https://github.com/fleetdm/fleet/blob/0455ee144b89ab2286497b17e2c53c63a61c43a4/docs/3-Deployment/4-Example-deployment-scenarios.md#setting[…]g-Fleet

💯 1

Silvano Ngacha

06/17/2021, 9:02 AM

Thank you @Avi Norowitz Finally, it worked. I appreciate your assistance

👍 1

117 Views

Open in Slack

Previous Next