![]() ![]() ![]() Within a year or the certificate will cease working. How long should the certificate be valid for? A year (365ĭays) is usual but requires the certificate to be regenerated Then you must specify those IP addresses here.ĭNS or IP address 1: 172.17.42.1 (th ip address to trust) You plan to connect to the server via IP address and not DNS The next step is to add any additional DNS names and IPĪddresses that clients may use to connect to the server. Even if you plan to connect via IP address you The common nameĬan be anything, but is usually set to the server's primaryĭNS name. Specify the Common Name for the certificate. There is a script for creating proper certs for lumberjack that was mentioned on a logstash github ticket: SSL handshake fails because IP SANs are missing PS Consider adding -days 365 or more to the certificate creation commandline as the default certificate validity is just 30 days and you probably do not want to recreate it every month. hostname) but instead as IP.Įdit your /etc/ssl/openssl.cnf on the logstash host - add subjectAltName = IP:192.168.2.107 in section. The validate the certifcate successfully the IP must be given n the certificate inside the subject alternative names section, but not as an DNS entry (e.g. ![]() Usually the target is given as a hostname and this is checked against the subject and subject alternative names of the certificate. Identification is done with x509 certificates which need to be validated against a trusted CA and which need to identify the target you want to connect to. SSL needs identification of the peer, otherwise your connection might be against a man-in-the-middle which decrypts + sniffs/modifies the data and then forwards them encrypted again to the real target. Failed to tls handshake with 192.168.2.107 x509: cannot validate certificate for 192.168.2.107 because it doesn't contain any IP SANs ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
May 2023
Categories |