rhtyd commented on issue #2930: HA for Management Server - roundrobin: Certificate ownership URL: https://github.com/apache/cloudstack/issues/2930#issuecomment-433784424 @DennisKonrad did you deploy multiple management servers concurrently? Ideally you should wait for the first management server to fully start before starting secondary management server. From the screenshot tthe certificate was generated without IPs of the mgmt server, therefore the certificate validation logic failed the SSL connection (as the certificate's alt name/ip should match the connecting agent/mgmt server's address). For example the following is a valid mgmt server cert that has ipv4/v6 address in its alt name: ``` Certificate [1] : Serial: da32e26467ff7a4d Not Before:Sat Oct 27 07:44:03 UTC 2018 Not After:Mon Oct 19 19:44:03 UTC 2048 Signature Algorithm:SHA256withRSA Version:3 Subject DN:CN=pr2376-t3127-kvm-centos7-mgmt2 Issuer DN:CN=ca.cloudstack.apache.org Alternative Names:[[7, fe80:0:0:0:4af:4ff:fe01:7a8], [7, 10.2.2.176], [2, pr2376-t3127-kvm-centos7-mgmt2]] ``` I could not reproduce this with 4.11 branch, so will move to milestone 4.12.0.0/master. Please re-test and keep us posted, thanks.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
