Problem
TFE failed to startup with below error from ptfe_vault container
Error initializing storage of type postgresql: failed to check for native upsert: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
Cause
Since TFE release v20170101, internal Vault is upgraded to version 1.7.3
, which has Go upgraded to version 1.15
Go 1.15
deprecated the legacy behavior of treating the CommonName
field on X.509 certificates as a host name when no Subject Alternative Names are present
Solutions
- Upgrade Postgres server certificate to include SAN extension
- A temporary workaround is to change Postgres
sslmode
connection parameter fromverify-full
toverify-ca