HTTPS方式ETCD客户端连接提示bad certificate对应方法

本文memo一下HTTPS方式下ETCD证书生成时的一个小错误。

现象:提示bad certificate错误

证书正常生成与设定,etcd能够正常启动,但是客户端连接2379端口时报错,报错示例:

Mar 23 10:58:32 host131 etcd[7421]: rejected connection from "192.168.163.131:50958" (error "remote error: tls: bad certificate", ServerName "")

原因

证书设定问题,需检查证书生成时csr文件中是否正确设定,IP是否设定到hosts中

对应方法

设定正确之后重新生成证书并部署,连接即可成功

[root@host131 shell]# export ETCDCTL_API=3; etcdctl --endpoints=https://192.168.163.131:2379 --cacert=/etc/ssl/ca/ca.pem --cert=/etc/ssl/etcd/cert-etcd.pem --key=/etc/ssl/etcd/cert-etcd-key.pem endpoint health
https://192.168.163.131:2379 is healthy: successfully committed proposal: took = 1.528611ms
[root@host131 shell]# 

你可能感兴趣的:(Kubernetes,深入浅出kubernetes)