orbit connects to fleet server (running without any certificates) on mac os hosts. Installer packages are all built on mac os

command:

go run ./cmd/package --type msi --fleet-url=fleet:18080 --enroll-secret=MY_SECRET --fleet-certificate=fleet.pem -- --flagfile=flagfile.txt

the certificate has fleet as CN (in fact it works on osqueryd or kolide launcher only if I use “fleet” as hostname)

Windows orbit cmdline: ‘“C:\Program Files\Orbit\bin\orbit\orbit.exe” --root-dir “C:\Program Files\Orbit\.” --log-file “C:\Program Files\Orbit\orbit-log.txt” --fleet-url “fleet:18080" --enroll-secret-path “C:\Program Files\Orbit\secret.txt” --update-url “https://tuf.fleetctl.com”’ windows orbit logs: 2021-05-25T095018+02:00 DBG found expected target locally channel=stable path=“C:\\Program Files\\Orbit\\bin\\osqueryd\\windows\\stable\\osqueryd.exe” target=osqueryd 2021-05-25T095018+02:00 INF Failed to retrieve system cert pool. Cannot validate Fleet server connection. error=“crypto/x509: system root pool is not available on Windows” 2021-05-25T095018+02:00 INF run osqueryd cmd=“C:\\Program Files\\Orbit\\bin\\osqueryd\\windows\\stable\\osqueryd.exe --pidfile=C:\\Program Files\\Orbit\\osquery.pid --database_path=C:\\Program Files\\Orbit\\osquery.db --extensions_socket=C:\\Program Files\\Orbit\\osquery.em --enroll_secret_env=ENROLL_SECRET --tls_hostname=fleet:18080 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --force --verbose --tls_dump” I0525 095018.623387 11456 init.cpp:342] osquery initialized [version=4.8.0] I0525 095018.645426 11456 system.cpp:342] Found stale process for osqueryd (37572) I0525 095018.645426 11456 system.cpp:374] Writing osqueryd pid (19948) to C:\Program Files\Orbit\osquery.pid I0525 095018.647424 11456 extensions.cpp:453] Could not autoload extensions: Cannot open file for reading: \Program Files\osquery\extensions.load I0525 095018.647424 11456 dispatcher.cpp:78] Adding new service: WatcherRunner (00000190FD707CF0) to thread: 31520 (00000190FD73DEB0) in process 19948 I0525 095018.656422 31520 watcher.cpp:593] osqueryd watcher (19948) executing worker (21808) I0525 095018.672039 12384 init.cpp:339] osquery worker initialized [watcher=19948] I0525 095018.674044 12384 dispatcher.cpp:78] Adding new service: WatcherWatcherRunner (000001E899BEC850) to thread: 16404 (000001E899C69600) in process 21808 I0525 095018.675025 12384 rocksdb.cpp:132] Opening RocksDB handle: C:\Program Files\Orbit\osquery.db E0525 095018.729002 12384 init.cpp:555] An error occurred during extension manager startup: Named pipe path is invalid I0525 095018.729002 12384 tls_enroll.cpp:70] TLSEnrollPlugin requesting a node enroll key from: https://fleet:18080/api/v1/osquery/enroll I0525 095019.797472 12384 tls.cpp:255] TLS/HTTPS POST request to URI: https://fleet:18080/api/v1/osquery/enroll {“enroll_secret”:“MY_SECRET”,...} W0525 095019.932312 12384 tls_enroll.cpp:77] Failed enrollment request to https://fleet:18080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...