Vault CLI TLS x509 IP SAN errors

I have configured vault using the following https listener

# HTTPS listener
listener "tcp" {
  address       = ""
  tls_cert_file = "/path/tls/tls.crt"
  tls_key_file  = "/path/tls/tls.key"
}

api_addr = ""
cluster_addr = ""

The UI at that address works properly; however, after setting the env:
export VAULT_ADDR=""

And attempting to login: vault login <token>

I get the following error:
Error authenticating: error looking up token: Get "": x509: cannot validate certificate for because it doesn't contain any IP SANs

I assume this error is for the cert in tls/tls.crt created automatically when Vault was installed. I tried generating a new cert for it via the Vault PKI engine, giving it the IP SAN for the server it's running on; however, in that case I get a self-signed certificate error.

How do I resolve this issue?


Looking into this a bit more, I am assuming everything is working as designed.
I need to replace the vault certificate with one generated with the correct IP SAN, and then accommodate the self-signed error by trusting the cert in the OS or obtaining a verified one.
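
The two steps in that reply (a cert that carries the host's IP as a SAN, and a trust anchor the client accepts) as an added example; this is not from the thread or from HashiCorp. It assumes openssl is on PATH, uses 192.0.2.10 as a placeholder Vault IP, and only checks the certificate locally; the VAULT_CACERT line is what makes the CLI trust the private CA instead of reporting a self-signed error.

```sh
#!/bin/sh
# Added example: issue a Vault server certificate with an IP SAN from a private CA
# and check it the way the Vault CLI does. Placeholder IP, not a real host.
set -eu

VAULT_IP="${VAULT_IP:-192.0.2.10}"
WORK="${WORK:-$(mktemp -d)}"

# Private CA that will sign the server certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server cert. The IP SAN is what x509 validation looks for when
# VAULT_ADDR is https://<ip>:8200 rather than a DNS name.
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vault" \
    -keyout "$WORK/tls.key" -out "$WORK/tls.csr" 2>/dev/null
  printf 'subjectAltName=IP:%s,DNS:vault.example.internal\n' "$VAULT_IP" >"$WORK/san.cnf"
  openssl x509 -req -in "$WORK/tls.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -extfile "$WORK/san.cnf" -out "$WORK/tls.crt" 2>/dev/null
}

# Returns 0 when the issued cert lists the given IP as a SAN (the check that
# failed in the original error message).
cert_has_ip_san() {
  openssl x509 -in "$WORK/tls.crt" -noout -text | grep -q "IP Address:$1"
}

# Returns 0 when the cert chains to the CA file; this is the trust the CLI
# gets from VAULT_CACERT (add -verify_ip "$VAULT_IP" on OpenSSL 1.0.2+ to
# also check the SAN during verify).
cert_verifies() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/tls.crt" >/dev/null 2>&1
}

make_ca
make_server_cert
cert_has_ip_san "$VAULT_IP" && cert_verifies && \
  echo "OK: tls.crt carries IP SAN $VAULT_IP and chains to ca.crt"

# Point the listener at $WORK/tls.crt and $WORK/tls.key, then on the client:
echo "export VAULT_ADDR=https://$VAULT_IP:8200"
echo "export VAULT_CACERT=$WORK/ca.crt"
```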

This was pretty helpful