rejected connection from "<ip>:46094" (error "tls: client didn't provide a certificate", ServerName "")
ETCD_NAME="<hostname>"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_CLIENT_URLS="https://XXXX:2379"
ETCD_ADVERTISE_CLIENT_URLS="https://XXXX:2379"
ETCD_LISTEN_PEER_URLS="https://XXXX:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://XXXX:2380"
ETCD_INITIAL_CLUSTER="<hostname>=https://XXXX:2380,<hostname_srv2>=https://XXXX:2380,<hostname_srv3>=https://XXXX:2380"
ETCD_INITIAL_CLUSTER_TOKEN="my-etcd-token"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_PEER_AUTO_TLS="true"
ETCD_CERT_FILE="/etc/etcd/tls/<hostname>-cert.pem"
ETCD_KEY_FILE="/etc/etcd/tls/<hostname>.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/tls/ca.pem"
ca-config.json (for cfssl)
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"server": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
},
"peer": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
{
"CN": "<domain_name>",
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"C": "<country>",
"L": "<state>",
"ST": "<city>"
}
]
}
{
"CN": "<hostname>",
"hosts": [
"<hostname -f>",
"<hostname>",
"<ip_of_hostname>"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "<country>",
"L": "<state>",
"ST": "<city>"
}
]
}