failed to verify certificate: x509: certificate signed by unknown authority on osquery client

[chergett]

Having the same issue as #10039. We have a signed cert for managerssl.crt and managerssl.key. I should add that the cert is a wildcard cert. Not sure if that is causing the issue or not. I have followed the steps to regen the cert but that results in me not being able to access the GUI. Perhaps I'm missing some steps to simply regen the certs and still be able to access the GUI with the default self-signed cert.

On-prem deployment from ISO
CentOS 7
1 node standalone
all services running
no errors from salt-call state.highstate

global.sls

    ----------
    airgap:
        False
    cortexkey:
        ftkhblUHu81ODsKBnTW4
    cortexorgname:
        SecurityOnion
    cortexorguserkey:
        BUgjdlr8ZKaBcEkEGh2X
    cortexplaysecret:
        YPBdatxW9epr05Am2mR2
    dockernet:
        172.17.0.0
    fleet_custom_hostname:
        onion.domain.com
    fleet_hostname:
        sos
    fleet_ip:
        10.9.9.191
    fleet_manager:
        True
    fleet_node:
        False
    fleet_packages-timestamp:
        2023-06-07-16:52
    fleet_packages-version:
        14
    hivekey:
        oFyo6OUUJdH64dvDD8ja
    hiveplaysecret:
        VzhIQFqqsidFUPyzM9t0
    hnmanager:
        10.0.0.0/8
    ids:
        Suricata
    imagerepo:
        security-onion-solutions
    managerip:
        10.9.9.191
    mdengine:
        SURICATA
    pipeline:
        redis
    sensoronikey:
        B1tvtWoZMzSmWFJs04q1
    soversion:
        2.3.250
    url_base:
        onion.domain.com
    wazuh:
        1```

flags file
enroll_secret_path /etc/so-launcher/secret
hostname onion.domain.com:8090
root_directory /var/so-launcher/securityonion
osqueryd_path /usr/local/so-launcher/bin/osqueryd
root_pem /etc/so-launcher/roots.pem
autoupdate
update_channel stable

[chergett]

Okay, so not a real solution but I was able to get the osquery client to connect by replacing roots.pem with the managerssl.crt. Seems like some sort of issue with the roots.pem cert that gets packaged with the osquery installer package not getting updated to match the updated managerssl.crt.