Helm - Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

9/9/2019

I am getting the error below when I install Helm with TLS. I applied the solution given here: https://helm.sh/docs/tiller_ssl/#troubleshooting, but it's still not working.

Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

generating SSL files:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout helm.ca.key.pem -out helm.ca.cert.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=tiller" -days 7200 -extensions v3_ca -nodes
openssl genrsa -out ./helm.tiller.key.pem 4096
openssl genrsa -out ./helm.client.key.pem 4096
openssl req -key helm.tiller.key.pem -new -sha256 -out helm.tiller.csr.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=tiller-server"
openssl req -key helm.client.key.pem -new -sha256 -out helm.client.csr.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=helm"

echo subjectAltName=IP:127.0.0.1 > extfile.cnf
openssl x509 -req -CA helm.ca.cert.pem -CAkey helm.ca.key.pem -CAcreateserial -in helm.tiller.csr.pem -out helm.tiller.cert.pem -days 1800 -extfile extfile.cnf
openssl x509 -req -CA helm.ca.cert.pem -CAkey helm.ca.key.pem -CAcreateserial -in helm.client.csr.pem -out helm.client.cert.pem -days 1800 -extfile extfile.cnf

helm init:

helm init --tiller-tls --tiller-tls-cert ./helm.tiller.cert.pem --tiller-tls-key ./helm.tiller.key.pem --tiller-tls-verify --tls-ca-cert helm.ca.cert.pem
kubectl -n kube-system wait --for=condition=Ready pod -l name=tiller --timeout=300s
helm ls --tls --tls-ca-cert ./helm.ca.cert.pem --tls-cert ./helm.client.cert.pem --tls-key ./helm.client.key.pem
-- Ronak Patel
helm-tls
kubernetes-helm
ssl

0 Answers
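
Added example, not part of the original post: a way to confirm whether a signed certificate actually carries the IP SAN that the x509 error refers to, by signing one CSR with and without the extfile used in the question. The function names (has_ip_san, make_demo_certs), the demo CA and the file names in the temp directory are assumptions made for this example; it needs only the openssl CLI.

```shell
#!/bin/sh
# Added example: all keys and certificates here are constructed throwaway
# material written to a temp directory, not the files from the question.

# has_ip_san CERT IP -> exit 0 only if CERT lists IP in its subjectAltName.
# openssl prints "IP <ip> does match certificate" or "... does NOT match ...",
# so the text is parsed instead of relying on the exit status.
has_ip_san() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# make_demo_certs DIR: create a demo CA, then sign the same server CSR twice,
# once without -extfile (no SAN) and once with the extfile from the question.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
        -keyout "$dir/ca.key.pem" -out "$dir/ca.cert.pem" \
        -subj "/CN=demo-ca" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/server.key.pem" -out "$dir/server.csr.pem" \
        -subj "/CN=tiller-server" 2>/dev/null || return 1
    # CSR extensions are not copied by "x509 -req"; without -extfile the
    # resulting certificate has no subjectAltName at all.
    openssl x509 -req -CA "$dir/ca.cert.pem" -CAkey "$dir/ca.key.pem" \
        -CAcreateserial -in "$dir/server.csr.pem" \
        -out "$dir/nosan.cert.pem" -days 1 2>/dev/null || return 1
    echo "subjectAltName=IP:127.0.0.1" > "$dir/extfile.cnf"
    openssl x509 -req -CA "$dir/ca.cert.pem" -CAkey "$dir/ca.key.pem" \
        -CAcreateserial -in "$dir/server.csr.pem" \
        -out "$dir/san.cert.pem" -days 1 \
        -extfile "$dir/extfile.cnf" 2>/dev/null || return 1
}

# Demo run on the constructed certificates.
tmp=$(mktemp -d)
if make_demo_certs "$tmp"; then
    for c in nosan san; do
        if has_ip_san "$tmp/$c.cert.pem" 127.0.0.1; then
            echo "$c.cert.pem: IP SAN 127.0.0.1 present"
        else
            echo "$c.cert.pem: IP SAN 127.0.0.1 missing"
        fi
    done
fi
rm -rf "$tmp"
```

Pointing has_ip_san at helm.tiller.cert.pem from the question shows whether the file passed to helm init carries the SAN.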