Vault TLS on Docker - cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs


Looks like you'd just update the DNS section to:

    [ alt_names ]
    DNS.0 = localhost
    IP.1 = 127.0.0.1
    IP.2 = 0.0.0.0


To get the self-signed cert to work with just an IP (not a domain name), specify a subject alternative name (SAN) for the IP.

vim req.conf

    [req]
    default_bits = 4096
    default_md = sha256
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    [req_distinguished_name]
    C = US
    ST = WA
    L = Seattle
    O = NoCompany
    OU = Orgainizational_Unit
    CN = 10.0.0.2
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    [alt_names]
    IP.1 = 10.0.0.2

    openssl req -new -nodes -x509 -days 365 -keyout dockerregistry.key -out dockerregistry.crt -config req.conf

On the client machine, if you're doing this for a private registry:

    sudo vim /etc/docker/daemon.json

    {
        "insecure-registries" : [ "10.0.0.2:5000" ]
    }

    sudo systemctl restart docker