I need a real time scenario example as i am not able to proceed with the cluster TLS encryption.
A lot of people had similar issues reported here. But they had set `verify_server_hostname = false` and got the cluster working.
The documentation clearly says the below:
Without `verify_server_hostname = true` an attacker could compromise a Consul client agent and restart the agent as a server in order to get access to all the data in your datacenter! This is why server certificates are special, and only servers should have them provisioned.
Error: 020-09-22T10:18:27.214Z [ERROR] agent.anti_entropy: failed to sync remote state: error="rpc error getting client: failed to get conn: x509: certificate is valid for server.dctest.consul, localhost, not server.dc1.consul"
This is causing issues further down the line when I am trying to add new client agents with ACL.
You should use the following flags when generating certificates:
consul tls cert create -server -dc="dc1" -additional-ipaddress="172.16.32.10" -domain="consul.company.com" -additional-dnsname="consul-dc1.server.dc1.consul.company.com"
You are missing some SAN fields in your current certificates. I am pretty sure that the IP flag is also mandatory as I had the same kind of message as you do but with IPs.
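As an added example (not part of this thread and not Consul's own tooling), a small shell check that reads a certificate's DNS SANs and confirms it carries the server.<dc>.<domain> name that clients verify under verify_server_hostname = true; the function names and the constructed test certificate are my own, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original thread. Checks whether a Consul server
# certificate carries the DNS SAN that clients verify when
# verify_server_hostname = true, i.e. server.<dc>.<domain>. Requires openssl.

# Print the DNS SANs of a PEM certificate, one per line.
cert_dns_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Succeed (exit 0) only if the certificate lists server.<dc>.<domain>,
# the name a client in that datacenter expects to see.
# Usage: cert_valid_for_dc server.pem dc1 consul
cert_valid_for_dc() {
  cert_dns_sans "$1" | grep -qx "server.$2.$3"
}

# Constructed self-signed certificate with the given SAN list, used only to
# reproduce the mismatch from the question (issued for dctest, checked for dc1).
# Usage: make_test_cert out.pem 'DNS:server.dctest.consul,DNS:localhost'
make_test_cert() {
  cfg="$1.cnf"
  printf '[req]\ndistinguished_name=dn\n[dn]\n[alt]\nsubjectAltName=%s\n' "$2" > "$cfg"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" -out "$1" \
    -subj "/CN=server.dctest.consul" -extensions alt -config "$cfg" >/dev/null 2>&1
}
```

Run cert_valid_for_dc against the certificate produced by consul tls cert create before enabling verify_server_hostname; a failure here is the same mismatch the agent logs as "certificate is valid for ..., not server.dc1.consul".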