‌yes

I'm curious what fields are populated in the SAN Cert. Did you put the IP in it as per your thread above? My normal commands to gen a SAN csr is as follows:

openssl genrsa -des3 -out cluster.key 2048

openssl req -new -key cluster.key -sha256 -nodes

  -subj '/C=US/ST=New York/L=New York/O=Hosting/OU=Team/CN=www.cluster.com/

         emailAddress=administrative-not-existent-address@cluster.com/

         subjectAltName=DNS.1=node1.cluster.com,

         DNS.2=node2.cluster.com’ > cluster.csr

Here is an example of the cfg file I'm using to create the CSR:

[ req ]

default_bits = 2048

default_keyfile = rui.key

distinguished_name = req_distinguished_name

encrypt_key = no

prompt = no

string_mask = nombstr

req_extensions = v3_req

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment, dataEncipherment

extendedKeyUsage = serverAuth, clientAuth

# Edit below to match your needed config

subjectAltName = DNS:vrops, IP:192.168.1.50,DNS:vropsmaster.localdom.com

[ req_distinguished_name ]

countryName = US

# Update w/ your location's information

stateOrProvinceName = Georgia

localityName = Atlanta

0.organizationName = TakeAGuess

organizationalUnitName = MyGroup

# Change below

commonName = vrops.localdom.com

emailAddress = me@test.com

OpenSSL command to generate the CSR

D:\OpenSSL-Win32\bin\openssl req -out %location%%certname%.csr -new -newkey rsa:2048 -nodes -keyout %location%%certname%.key -config %location%%certname%.cfg

Drop the IP and shortname from the cert's subject alt names.. I've never added non-FQDN in there before and if I was a betting man our QE didn't test for it either. Just add the FQDN of the master and see what it does..