-
|
Hi, I was trying to get a self signed certificate working (I wanted a private cluster, not exposed to the internet). First of I created a CA (v3_ca (critical, digitalSignature, cRLSign, keyCertSign)), then the server certificate (keyEncipherment, digitalSignature, subjectAltName with CA/DNS *.production.svc.clusterset.local). I can access RavenDB secure using a browser with the self signed certificate (there are 2 databases, one hosted in EU and one in US, they can also access each other), however, when connecting to it with the client API (C#) I will get the following error: You are trying to contact host database-eu-01-service.production.svc.clusterset.local but the hostname must match one of the CN or SAN properties of the server certificate: CN=*.production.svc.clusterset.local, O=RavenDB Server, S=Somewhere, C=NL, DNS:*.production.svc.clusterset.local' Now I can add DNS.1 = server1.extension.com as SAN (for all my servers) however, when I need to add another server, I would have to introduce a new certificate... Which is possible, but I rather have a wildcard :). Why can't RavenDB use wildcard domains? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Found it, max days of server certificate should not exceed 825 days. The error has nothing to do with a mismatch in domain name, it will also trigger this part of the code when your certificate has a expire date longer than 825 days :). |
Beta Was this translation helpful? Give feedback.
-
|
FWIW, you may want to set it to ever shorter time frame, the current browser max duration is ~ 398 Days |
Beta Was this translation helpful? Give feedback.
Found it, max days of server certificate should not exceed 825 days. The error has nothing to do with a mismatch in domain name, it will also trigger this part of the code when your certificate has a expire date longer than 825 days :).