Vault TLS on Docker - cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
To get the self-signed cert to work with just an IP (not a domain name), specify a subject alternative name (SAN) for the IP.
vim req.conf

[req]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = WA
L = Seattle
O = NoCompany
OU = Orgainizational_Unit
CN = 10.0.0.2

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = 10.0.0.2

openssl req -new -nodes -x509 -days 365 -keyout dockerregistry.key -out dockerregistry.crt -config req.conf
On the client machine, if you're doing this for a private registry:
sudo vim /etc/docker/daemon.json

{
  "insecure-registries" : [ "10.0.0.2:5000" ]
}

sudo systemctl restart docker