Manager - Dashboard - Cannot set one certificate per manager

[gwenael-lebarzic]

Hello.

Running on ceph 19.2.2.
I have two managers and I tried to set up a different SSL certificate for both of them.
The documentation says it is possible to setup certificate for each manager dashboard like this :
https://docs.ceph.com/en/latest/mgr/dashboard/#ssl-tls-support

ceph dashboard set-ssl-certificate $name -i dashboard.crt
ceph dashboard set-ssl-certificate-key $name -i dashboard.key

I tried these commands with $name the manager ID (obtained with ceph orch ps --daemon-type mgr).
Then I disabled/enabled the dashboard in order for my modifications to be taken into account.
But the "global" certificate was still taken into account, not the host certificates ones.

I tried to remove the "global" certificate, but then, the dashboard was not starting anymore (I was able to see in the logs of manager that the global certificate was missing).

I put back the self signed certificate global and tried to use the hosts FQDN as $name, but it was also ignored.
Same with the IPs.
Same with the shortnames.

I was wondering if the documentation is wrong or if I don't do things right.

As a palliative, I generated a unique certificate containing in its SAN the DNS of both manager hosts, but if the documentation is wrong, then it should be corrected I think.

Thank you in advance for your feedback/infos !

[gwenael-lebarzic]

My bad, in fact, the solution was to use the right ID.
My managers looks like this:
mgr.shortname.something

and the ID is not mgr.shortname.something, but shortname.something.
By using the right ID, it works