I’m encountering the same issue as described in this (unsolved) topic: Cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs - #2 by aram
Error retrieving members: Get "https://127.0.0.1:8501/v1/agent/members?segment=_all": x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
The problem in my case is that my certificate is actually defined for ‘127.0.0.1’ in the alternative dns names section:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:5b:90:77:6c:b0:22:18:f9:05:68:80:e5:13:ad:c4:e7:c1:10:19
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = CO, ST = City, L = City, CN = Comp Group
        Validity
            Not Before: Jul 6 18:18:19 2022 GMT
            Not After : Jul 3 18:18:19 2032 GMT
        Subject: C = CO, ST = City, L = City, O = Comp, OU = My Division, CN = comp.internal
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:90:cb:51:90:f3:fc:46:4a:b7:3c:16:52:3d:4f:
                    2a:8a:37:66:32:85:4c:9f:55:cf:81:60:67:d9:65:
                    78:ee:04:ff:c4:be:a0:c2:9a:64:95:de:70:8a:8e:
                    d1:63:93:2e:25:2c:45:49:08:35:7b:e8:3c:cc:70:
                    11:4f:a6:16:9e
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:*.node.comp.internal, DNS:*.co-dc-1.comp.internal, DNS:localhost, DNS:127.0.0.1
    Signature Algorithm: ecdsa-with-SHA256
Any ideas where the issue might come from?
I’m generating the certificate myself through openssl, but I think the parameters are pretty much correct.