Open 402309718 opened 5 years ago
how to slove it ?
I think that your certificate is not valid. Check if your certificate includes the IP address of the registry service in the SAN section and use it in the registry.
# openssl x509 -in /root/ca1/server.crt -noout -text | grep "Subject Alternative Name" -A 1
X509v3 Subject Alternative Name:
IP Address: 192.168.153.134
If you want to generate new certificate, you have great examples in: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
when I configure orchestrator with SSL
when I login the leader node it works and when I login to the other member nodes it doesn't work and the background log below: 2019/09/10 04:56:45 http: proxy error: x509: cannot validate certificate for 192.168.153.134 because it doesn't contain any IP SANs Sep 10 04:56:45 orch_3 orchestrator: [martini] Completed 502 Bad Gateway in 9.722656ms