hey team question about TLS enrollment and re enrollment I a

Question

hey team question about TLS enrollment and re enrollment I am planning to change my `tls hostname` to a new endpoint fresh server what happens to the clients nodes do I have to manually re enroll them or will they re enroll automatically

happy-dude · Answer

I m planning to run a test by changing the config restarting the daemon and watching the logs for what happens

zwass · Answer

When you say fresh server you mean a new database

zwass · Answer

The server should tell the nodes their authentication is invalid and trigger a reenrollment

zwass · Answer

Of course this depends on the server being implemented properly

happy-dude · Answer

yessir new database I am implementing a new server and it seems that I should check the `node invalid` flag in the API <https osquery readthedocs io en stable deployment remote remote server api>

zwass · Answer

Yes