Hello,
I’m encountering the same issue as described in this (unsolved) topic: Cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs - #2 by aram
Error retrieving members: Get "https://127.0.0.1:8501/v1/agent/members?segment=_all": x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
The problem in my case is that my certificate is actually defined for ‘127.0.0.1’ in the alternative dns names section:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:5b:90:77:6c:b0:22:18:f9:05:68:80:e5:13:ad:c4:e7:c1:10:19
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = CO, ST = City, L = City, CN = Comp Group
        Validity
            Not Before: Jul 6 18:18:19 2022 GMT
            Not After : Jul 3 18:18:19 2032 GMT
        Subject: C = CO, ST = City, L = City, O = Comp, OU = My Division, CN = comp.internal
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:90:cb:51:90:f3:fc:46:4a:b7:3c:16:52:3d:4f:
                    2a:8a:37:66:32:85:4c:9f:55:cf:81:60:67:d9:65:
                    78:ee:04:ff:c4:be:a0:c2:9a:64:95:de:70:8a:8e:
                    d1:63:93:2e:25:2c:45:49:08:35:7b:e8:3c:cc:70:
                    11:4f:a6:16:9e
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:*.node.comp.internal, DNS:*.co-dc-1.comp.internal, DNS:localhost, DNS:127.0.0.1
    Signature Algorithm: ecdsa-with-SHA256
Any ideas where the issue might come from?
I’m generating the certificate myself through openssl, but I think the parameters are pretty much correct.