opensdp icon indicating copy to clipboard operation
opensdp copied to clipboard
verified publisher icon greenstatic

add SANS in server's certificate

Open sejongk opened this issue 3 years ago • 0 comments

Bug description

Below errors were occurred after following the tutorial. On client side, time="2022-02-13T16:17:40Z" level=error msg="Get \"https://172.17.0.4:22211/discover\": x509: certificate relies on legacy Common Name field, use SANs instead" On server side, 2022/02/13 16:17:40 http: TLS handshake error from 172.17.0.5:45394: remote error: tls: bad certificate

Root cause

After golang 1.15, we should use SANS or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0. See https://stackoverflow.com/questions/64814173/ how-do-i-use-sans-with-openssl-instead-of-common-name.

Solution description

I added a guideline that describes how to add SANS in server's certificate. If there is any problem, please tell me. I'm willing to fix it.

sejongk avatar Feb 13 '22 16:02 sejongk