I am following this documentation
My error is saying the certificate does not match with the domain created
I need more clarity on this command
$ consul tls ca create
Server name : example.dev.corp.com
What should be passed as domain ?
Is this the correct way to create certificate for the domain
consul tls ca create --domain=dev.corp.com -name-constraint=dev.corp.com
I would appreciate a similar example for below command:
consul tls cert create -server
Example hostname server1.dev.corp.com
I need a real time scenario example as i am not able to proceed with the cluster TLS encryption.
A lot of people had similar issues reported here . But they had set ''verify_server_hostname = false ‘’ and got the cluster working
The documentation clear says the below :
Without verify_server_hostname = true` an attacker could compromise a Consul client agent and restart the agent as a server in order to get access to all the data in your datacenter! This is why server certificates are special, and only servers should have them provisioned.
I would appreciate help on this matter .