# fleet
Hi guys, my agents seem to not trust the server's certificate (`Failed enrollment to https://<address>/api/v1/osquery/enroll (Request error: certificate verify failed)`), even though it is signed by our organization's CA. When I access the web UI through Chrome, for example, it says "secure", which means the certificate is OK. Any ideas?
Ensure that the common name set in the TLS cert matches the FQDN of the server in your flags file: `--tls_hostname=<TLS FQDN>`. Also, does your Osquery flags file contain a `--tls_server_certs=<file path to cert>`?
Hey, thanks for the response! Both of those flags are set correctly, any other ideas?
You should be able to debug the issue by using OpenSSL. First, try `openssl s_client -CAfile <file path to cert> -connect <Fleet FQDN>:<port>`