gnmic: GET failure due to TLS failure : cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs"

Hello,

I would like to use the same server certificate on multiple NEs, hence not adding IP in the cert. But the secure GET request fails with the following error during handshake.

  • The C++ grpc gives an option to override the target name-> args.SetSslTargetNameOverride(name); //This signifies common name present in X509 certificate
  • Any such option available in gnmic too?
}. Err: connection error: desc = **"transport: authentication handshake failed: x509: cannot validate certificate for 192.168.0.15 because it doesn't contain any IP SANs"**

2023/07/10 11:48:36.612273 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.54.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1 SubChannel #2] Subchannel Connectivity change to TRANSIENT_FAILURE, last error: connection error: desc = "transport: authenti**cation handshake failed: x509: cannot validate certificate for 192.168.0.15 because it doesn't contain any IP SANs"**

2023/07/10 11:48:36.612400 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.54.0/grpclog/logger.go:53: [gnmic] [core] pickfirstBalancer: UpdateSubConnState: 0xc000621920, {TRANSIENT_FAILURE connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 192.168.0.15 because it doesn't contain any IP SANs"}

-Thanks Shikha

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 16

Most upvoted comments

All good, glad it works.

+1
karimra on Jul 22, 2023
Read more comments on GitHub
← oc: RequireJS and Oc-client don't really go together
gnmic: I think Prometheus output have a memory leak that crashes the server it runs on.  →