Certificate Error with Azure Load Balancer

I'm running Vault 1.4.1, 5 nodes, with integrated Raft storage. I have an Azure Load Balancer configured and working. It is layer 4, so there is no TLS offload or TLS setting of any kind in its config. I am using certs issued by an internal CA; the common name is the name of the load balancer, with SANs for each node address.

SANs = vault1.domain.local, vault2.domain.local, vault3.domain.local, etc.

When I attempt to access Vault via the load balancer I get a certificate error, but when I access the nodes directly I do not get a certificate error. Has anyone run into this before?


This server couldn't prove that it's **vault.domain.local**; its security certificate is from **vault1.domain.local**. This may be caused by a misconfiguration or an attacker intercepting your connection.

I finally fixed this problem. The DNS name of the load balancer needed to be included in the list of Subject Alternative Names. Once the certs were generated from this request file and installed, I no longer got the browser warning.

Hopefully this helps anyone else that runs into this issue!

```ini
# OpenSSL request config, used as:
#   openssl req -new -config vault.cnf -key vault.key -out vault.csr
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = country
ST = state
L = city
O = company name
OU = company name
CN = vault-prod.domain.local

[v3_req]
# digitalSignature is required for ECDHE key exchange and TLS 1.3;
# dataEncipherment has no meaning for a TLS server certificate
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# The load balancer's DNS name has to be in the SAN list, not only in the CN
DNS.1 = vault-prod.domain.local
DNS.2 = vault01-prod.domain.local
DNS.3 = vault02-prod.domain.local
DNS.4 = vault03-prod.domain.local
DNS.5 = vault04-prod.domain.local
DNS.6 = vault05-prod.domain.local
```
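The reason the CN alone did not help is that current browsers (Chrome, Firefox, Safari) ignore the CN entirely and match the requested hostname against the DNS SANs only, with wildcards honoured just as the whole left-most label. The following added example, written for this thread and not taken from the original post or from Vault, implements that matching rule and reports which of the names clients actually use (load balancer plus each node) a given SAN list fails to cover. The hostnames, the `FIXED_SANS` and `ORIGINAL_SANS` lists, port 8200 and the `ca_file` parameter are constructed assumptions mirroring the request file above; `fetch_dns_sans` is the only part that needs network access.

```python
"""
Check which of the names clients use to reach Vault are covered by a
certificate's SAN list.

Added example for this thread, not code from the original post or from
Vault itself. Hostnames are constructed to mirror the request file above.
"""
import socket
import ssl


# Constructed: the SAN list from the fixed request file, and the same
# list without the load balancer name (what the failing cert looked like).
FIXED_SANS = (
    "vault-prod.domain.local",
    "vault01-prod.domain.local",
    "vault02-prod.domain.local",
    "vault03-prod.domain.local",
    "vault04-prod.domain.local",
    "vault05-prod.domain.local",
)
ORIGINAL_SANS = FIXED_SANS[1:]

# Every name a client might connect to: the load balancer plus each node.
CLIENT_NAMES = FIXED_SANS


def dns_name_matches(hostname, pattern):
    """Match one hostname against one DNS SAN the way browsers do (RFC 6125 6.4.3):
    case-insensitive, a wildcard only as the entire left-most label, and only when
    at least two labels follow it, so "*.local" never matches anything."""
    host = hostname.rstrip(".").lower()
    pat = pattern.rstrip(".").lower()
    if "*" not in pat:
        return host == pat
    pat_labels = pat.split(".")
    if pat_labels[0] != "*" or len(pat_labels) < 3 or any("*" in l for l in pat_labels[1:]):
        return False
    host_labels = host.split(".")
    return len(host_labels) == len(pat_labels) and host_labels[1:] == pat_labels[1:]


def san_dns_names(peercert):
    """Pull the DNS entries out of a dict shaped like ssl.SSLSocket.getpeercert()."""
    return tuple(value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS")


def uncovered_names(cert_dns_sans, client_names):
    """Return the client-facing names that no SAN entry covers. The CN is
    deliberately never consulted, because browsers do not consult it either."""
    return [n for n in client_names if not any(dns_name_matches(n, s) for s in cert_dns_sans)]


def fetch_dns_sans(host, port=8200, ca_file=None):
    """Live check (needs network): TLS-connect with SNI=host and return the DNS SANs
    of the certificate actually served. The chain is still verified against ca_file
    (your internal CA) so that getpeercert() is populated; only the hostname check
    is relaxed, since a hostname mismatch is exactly what is being diagnosed."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return san_dns_names(tls.getpeercert())


if __name__ == "__main__":
    for label, sans in (("original", ORIGINAL_SANS), ("fixed", FIXED_SANS)):
        missing = uncovered_names(sans, CLIENT_NAMES)
        print(f"{label}: {'OK' if not missing else 'not covered: ' + ', '.join(missing)}")
```

Run as-is it reports that the original SAN list leaves `vault-prod.domain.local` uncovered and the fixed one covers everything; against a live cluster, `uncovered_names(fetch_dns_sans("vault-prod.domain.local", ca_file="internal-ca.pem"), CLIENT_NAMES)` tells you whether the cert the load balancer hands out covers the name you dialled. The same information is available from the command line with `openssl s_client -connect vault-prod.domain.local:8200 -servername vault-prod.domain.local </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName`.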