Does a certificate have to contain an IP address?

TiKV fails to start

PD log:
[2023/07/12 19:11:00.347 +08:00] [DEBUG] [peer_status.go:82] [“peer deactivated again”] [peer-id=84c6fb284c03c211] [error=“failed to dial 84c6fb284c03c211 on stream MsgApp v2 (x509: cannot validate certificate for 1.1.1.3 because it doesn’t contain any IP SANs)”]
[2023/07/12 19:11:00.347 +08:00] [DEBUG] [peer_status.go:82] [“peer deactivated again”] [peer-id=542460a451f5b039] [error=“failed to dial 542460a451f5b039 on stream MsgApp v2 (x509: cannot validate certificate for 1.1.1.1 because it doesn’t contain any IP SANs)”]
[2023/07/12 19:18:36.760 +08:00] [WARN] [config_logging.go:287] [“rejected connection”] [remote-addr=1.1.1.1:35522] [server-name=] [error=“remote error: tls: bad certificate”]
[2023/07/12 19:18:36.760 +08:00] [WARN] [config_logging.go:287] [“rejected connection”] [remote-addr=1.1.1.1:35518] [server-name=] [error=“remote error: tls: bad certificate”]
[2023/07/12 19:18:36.780 +08:00] [WARN] [config_logging.go:287] [“rejected connection”] [remote-addr=1.1.1.3:36784] [server-name=] [error=“remote error: tls: bad certificate”]
[2023/07/12 19:18:36.781 +08:00] [WARN] [config_logging.go:287] [“rejected connection”] [remote-addr=1.1.1.3:36786] [server-name=] [error=“remote error: tls: bad certificate”]
[2023/07/12 19:18:36.798 +08:00] [DEBUG] [stream.go:597] [“dial stream reader”] [from=9355f7e22e1a34e2] [to=542460a451f5b039] [address=https://1.1.1.1:2380/raft/stream/msgapp/9355f7e22e1a34e2]
[2023/07/12 19:18:36.798 +08:00] [DEBUG] [stream.go:597] [“dial stream reader”] [from=9355f7e22e1a34e2] [to=84c6fb284c03c211] [address=https://1.1.1.3:2380/raft/stream/message/9355f7e22e1a34e2]
[2023/07/12 19:18:36.798 +08:00] [DEBUG] [stream.go:597] [“dial stream reader”] [from=9355f7e22e1a34e2] [to=84c6fb284c03c211] [address=https://1.1.1.3:2380/raft/stream/msgapp/9355f7e22e1a34e2]
[2023/07/12 19:18:36.798 +08:00] [DEBUG] [stream.go:597] [“dial stream reader”] [from=9355f7e22e1a34e2] [to=542460a451f5b039] [address=https://1.1.1.1:2380/raft/stream/message/9355f7e22e1a34e2]

TiKV log:
[2023/07/12 19:17:10.799 +08:00] [INFO] [util.rs:598] [“connecting to PD endpoint”] [endpoints=1.1.1.1:2379]
[2023/07/12 19:17:12.800 +08:00] [INFO] [util.rs:560] [“PD failed to respond”] [err=“Grpc(RpcFailure(RpcStatus { code: 4-DEADLINE_EXCEEDED, message: "Deadline Exceeded", details: [] }))”] [endpoints=1.1.1.1:2379]
[2023/07/12 19:17:12.800 +08:00] [INFO] [util.rs:598] [“connecting to PD endpoint”] [endpoints=1.1.1.2:2379]
[2023/07/12 19:17:14.801 +08:00] [INFO] [util.rs:560] [“PD failed to respond”] [err=“Grpc(RpcFailure(RpcStatus { code: 4-DEADLINE_EXCEEDED, message: "Deadline Exceeded", details: [] }))”] [endpoints=1.1.1.2:2379]
[2023/07/12 19:17:14.801 +08:00] [INFO] [util.rs:598] [“connecting to PD endpoint”] [endpoints=1.1.1.3:2379]

Asking the experts here for help with this, thanks.

  1. Does the certificate have to include an IP SAN?
  2. Or is there some other problem? How do I solve it?

PD failed to respond

Provide the correct IP SANs

Is it mandatory for the SAN to include the local machine's IP address?

Can't you just not use certificates?


When you create the certificate, you have to specify either a domain name or an IP…

The certificate must contain a domain name or an IP, and it must exactly match the hostname or IP in the URL being accessed.
