Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Am I correct in thinking that adding MacOS host to Fleet requires a TLS Cert trusted by the Mac, regardless of if it’s build with the launcher or otherwise?

No, you can use any cert as long as the CN or SAN matches with `--server_tls_certs` in osquery.

With Launcher I believe you can package the cert to achieve similar.

Yeah, new to fleet, so it’s still using the in-box *.<http://your-server.de|your-server.de> cert, which obviously doesn’t have the server name in the CN or SAN

Yeah, typically it makes sense to generate a self-signed cert with the matching CN/SAN and then use the `--server_tls_certs` option.

Or if you are really in early testing you can use `--insecure` with Launcher.

The --insecure flag didn’t seem to make a difference, fwiw.

`--insecure_transport` maybe? I can't remember why those are separate nor which is the correct to use in this scenario

Probably easier just to make the self-signed certificate, then.