. I'm following FAQs to make sure I don't miss anything. Here is what i get when I curl the enroll endpoint.
Failed enrollment request to <https://something.com/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying
❯ curl -v -X POST <https://something.com:443/api/v1/osquery/enroll> * Trying 220.127.116.11... * TCP_NODELAY set * Connected to <http://osquery.lalaland.com|osquery.lalaland.com> (18.104.22.168) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate More details here: <https://curl.haxx.se/docs/sslcerts.html> curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
(The pem file downloaded form fleet web UI). I also cross checked that the fleet FQDN matches the CN in the
file. But I still can't enroll my client on fleet server. One thing I noticed is that openssl appends the
to the FQDN so the final CN in the certificate is
I hope that has nothing to do with the certificate failing to verify?