koba07/21/2020, 8:28 AM
. I'm following FAQs to make sure I don't miss anything. Here is what i get when I curl the enroll endpoint.
Failed enrollment request to <https://something.com/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying
❯ curl -v -X POST <https://something.com:443/api/v1/osquery/enroll> * Trying 188.8.131.52... * TCP_NODELAY set * Connected to <http://osquery.lalaland.com|osquery.lalaland.com> (184.108.40.206) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self signed certificate * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate More details here: <https://curl.haxx.se/docs/sslcerts.html> curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
sundsta07/21/2020, 6:18 PM
flag. See https://osquery.readthedocs.io/en/stable/installation/cli-flags/
koba07/22/2020, 4:40 AM
(The pem file downloaded form fleet web UI). I also cross checked that the fleet FQDN matches the CN in the
file. But I still can't enroll my client on fleet server. One thing I noticed is that openssl appends the
to the FQDN so the final CN in the certificate is
I hope that has nothing to do with the certificate failing to verify?
DG07/23/2020, 5:39 PM
tkrabec08/13/2020, 1:51 PM
koba08/15/2020, 5:10 PM