Title
#fleet
a

Ashwin Kawade

03/19/2021, 5:46 PM
Hiii, I am struggling add host, Getting errorTLS/HTTPS POST request to URI: https://xxxxx:8412/api/v1/osquery/enroll Failed enrollment request to https://xxxxx:8412/api/v1/osquery/enroll (Request error: certificate verify failed) retrying... flagfile.txt
# Server
--tls_hostname=xxxxx:8412
--tls_server_certs=/home/dell/fleet.pem

# Enrollment
--host_identifier=instance
--enroll_secret_path=/home/dell/secret.txt
--enroll_tls_endpoint=/api/v1/osquery/enroll

# Configuration
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_refresh=10

# Live query
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write

# Logging
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10

# File carving
--disable_carver=false
--carver_start_endpoint=/api/v1/osquery/carve/begin
--carver_continue_endpoint=/api/v1/osquery/carve/block
--carver_block_size=2000000
secret.txt and fleet.pem are at home directory. please help me to resolve this issue. Thank you
zwass

zwass

03/19/2021, 5:54 PM
Is the hostname different from localhost? If so, you'll need to generate a certificate with a matching hostname.
a

Ashwin Kawade

03/19/2021, 8:21 PM
yes
8:23 PM
ok,got it thank you
8:24 PM
Is there any way to ignore ssl or insecure mode?
zwass

zwass

03/19/2021, 9:02 PM
Not easily with osquery.