I’m running Vault 1.4.1, 5 nodes, with integrated Raft storage. I have an Azure Load Balancer configured and working - it’s a layer 4, so no TLS offload or TLS settings of any kind are in the config. I am using certs issued by an internal CA; the common name is the name of the load balancer, with SANs for each node address.
CN=vault.domain.local
SANs = vault1.domain.local, vault2.domain.local, vault3.domain.local, etc.
When I attempt to access Vault via the load balancer I get a certificate error, but when I access the nodes directly I do not get a certificate error. Anyone run into this before?
NET::ERR_CERT_COMMON_NAME_INVALID
This server couldn't prove that it's **vault.domain.local**; its security certificate is from
**vault1.domain.local**. This may be caused by a misconfiguration or an attacker
intercepting your connection.
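
Added example, not part of the original post: a sketch of the name check behind `NET::ERR_CERT_COMMON_NAME_INVALID`, where Chrome-family browsers compare the requested host only against the certificate's SAN dNSName entries and ignore the subject CN. The certificate values are the ones given in the post; the function names are hypothetical and the wildcard rule is simplified to a whole leftmost label.

```python
# Added illustration; names below are hypothetical, not from Vault or any browser.

def _label_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry against a host; wildcard only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two or more labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def browser_name_check(host, subject_cn, san_dns):
    """Return (ok, reason). The CN is only used to explain a failure, never to pass."""
    for entry in san_dns:
        if _label_match(entry, host):
            return True, f"matched SAN dNSName {entry}"
    if subject_cn.lower() == host.lower():
        return False, "host equals the CN only; CN is ignored, add it to the SAN list"
    return False, "no SAN dNSName matches"


def missing_names(required_hosts, subject_cn, san_dns):
    """List the hosts clients will use that the certificate does not cover."""
    return [h for h in required_hosts
            if not browser_name_check(h, subject_cn, san_dns)[0]]


# Certificate as described in the post (the "etc" entries are not reproduced).
CN = "vault.domain.local"
SANS = ["vault1.domain.local", "vault2.domain.local", "vault3.domain.local"]

if __name__ == "__main__":
    for host in [CN] + SANS:
        print(host, browser_name_check(host, CN, SANS))
```

Running `missing_names` over every name clients will use (load balancer plus each node) before requesting a certificate from the CA catches this kind of gap ahead of deployment.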