Additional host names for lxd server certificate?

Hi,

I wanted to add one lxd to another as a remote by

lxc remote add somename "https://somename.fqdn:8443" --public

but couldn’t use it then because

x509: certificate is valid for somename, not somename.fqdn

Is there a way to tell LXD to add AltNames to the certificate it autogenerates?

regards

stgraber@dakara:~$ lxc remote add test https://athos.hosts.mtl.stgraber.net:8443 --public
Certificate fingerprint: 537657fe729d9d3f31efd870ffb23d28583617b7e306493ddd65b92beb0fb776
ok (y/n/[fingerprint])? y
stgraber@dakara:~$ lxc remote remove test
stgraber@dakara:~$ 

There’s something weird going on with your client. Maybe you already have a conflicting cert for that remote locally? Do you get the same when using a different name?

LXD doesn’t generally perform validation on self-signed certs, it just prompts the user to confirm the fingerprint instead and ignores the AltNames field entirely.

I have the same issue when I try to add a remote which is available thru port forward on a public IP:

lxc remote add test https://test.mycompany.com:8443 --public
Certificate fingerprint: d58cb2b8b2bfe84824bc9092e80413300ec26437718703e6da6dffe9478af996
ok (y/n/[fingerprint])? y
Error: Get "https://test.mycompany.com:8443/1.0": tls: failed to verify certificate: x509: certificate is valid for lxd07, not test.mycompany.com

How could I disable cert validation or what should be the procedure?

Thanks
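The two checks discussed in this thread, fingerprint confirmation and host name matching, are independent of each other. The shell sketch below is an added example, not part of any post above and not LXD's own code. It builds a throwaway self-signed certificate for the short name lxd07 and shows that the fingerprint is the same whatever name is used to reach the server, while the name check passes only for names listed in the certificate. Assumptions: the openssl CLI (1.1.1 or later) is installed, the fingerprint is the SHA-256 digest of the DER-encoded certificate, and the helper function names are made up for this example.

```shell
#!/bin/sh
# Added example: uses a constructed throwaway certificate, not one generated by LXD.

# Create a self-signed certificate whose only name is the short host name.
make_cert() {            # $1 = output directory, $2 = short host name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# SHA-256 over the DER encoding, as lowercase hex (assumed fingerprint format).
cert_fingerprint() {     # $1 = PEM certificate file
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate lists the given host name.
cert_matches_host() {    # $1 = PEM certificate file, $2 = host name to test
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Demo with the two names from the last post in the thread.
dir=$(mktemp -d)
make_cert "$dir" lxd07
echo "fingerprint: $(cert_fingerprint "$dir/server.crt")"
for name in lxd07 test.mycompany.com; do
    if cert_matches_host "$dir/server.crt" "$name"; then
        echo "$name: host name check passes"
    else
        echo "$name: host name check fails"
    fi
done
rm -rf "$dir"
```

Running the same two helper checks against the certificate file of a real server shows which names it was issued for before it is added as a remote under a different name.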