02-09-2021 01:26 PM - edited 02-09-2021 01:28 PM
I recently ran into a new provisioning error after upgrading a 3 node cluster from 1.3.3.7 directly to 2.1.2.5 over the weekend. When attempting to provision a device I was getting the following error:
The 'Host name' depicted the cluster vip which was not a part of the TLS cert SAN. I had to regenerate a new TLS cert to include cluster vips, node IPs, and then update the PKI cert under system settings from within the UI. Once that was done provisioning worked like a charm. Note that we never had provisioning errors prior to 2.1.2.5 that generated this error. TAC is filing a documentation bug as they claim adding the IPs to the SAN field has fixed several similar certificate errors. HTH anybody that runs into the same issue.