Re: Molly Brown and Yggdrasil

Message headers

From: Martin <martin@datapulp.de>

Subject: Re: Molly Brown and Yggdrasil

Date: Thu, 10 Feb 2022 07:06:16 +0100

Message-ID: <su2a0s$q53$1@gioia.aioe.org>

Message content

Am 09.02.22 um 22:16 schrieb meff:

This means that the cert should use a SAN and not a CN, but may be

indicative of a different error underneath.

Yes, with my own capsule I also tried SAN, this is the openssl.cnf:

[req]

default_bits = 2048

distinguished_name = req_distinguished_name

req_extensions = req_ext

x509_extensions = v3_req

prompt = no

[req_distinguished_name]

countryName = XX

stateOrProvinceName = N/A

localityName = N/A

organizationName = Self-signed certificate

commonName = localhost

[req_ext]

subjectAltName = @alt_names

[v3_req]

subjectAltName = @alt_names

[alt_names]

IP.1 = 127.0.0.1

DNS.1 = localhost

Although the ip address appears in the certificate as whished, I still

am just able to connect to the capsule via the name "localhost"

THe openssl command for the above config:

openssl req -x509 -nodes -days 36500 -newkey rsa:4096 -keyout

yggdrasil.key -out yggdrasil.crt -config openssl.cnf

Interesting, did you try this method to create the cert and it didn't

work?

I tried the above and according to different explainations it should

also work with the raw ip adress calling.

Well, in the end I thought: maybe gmid does not support raw ip

addresses. I do think so.

Did anybody other manage to get a raw ip address access to a capsule?

Martin

Related

Parent:

Start of thread: