failed to verify certificate: x509: certificate is valid for "localhost", not localhost

[patsevanton]

Hello! Thanks for smallstep!
i run docker-compose.yaml:

version: "3.8"

services:
  step-ca:
    image: smallstep/step-ca:0.25.2
    container_name: step-ca
    restart: unless-stopped
    network_mode: "host"
    environment:
      - DOCKER_STEPCA_INIT_NAME="Acme Corp"
      - DOCKER_STEPCA_INIT_DNS_NAMES="localhost"
      - DOCKER_STEPCA_INIT_PASSWORD=mysecretpassword
    volumes:
      - step-ca:/home/step
volumes:
  step-ca:

Find Root fingerprint (CA_FINGERPRINT)

step ca bootstrap --ca-url https://localhost:9000 --fingerprint $CA_FINGERPRINT

Generating a key and certificate for the server and setting up a TLS connection:

step certificate create --csr --no-password --insecure --kty=RSA --size=2048 localhost server.csr server.key

Signing the certificate on our Smallstep CA:

step ca sign server.csr server.crt

Get error:

client GET https://localhost:9000/provisioners?limit=100 failed: tls: failed to verify certificate: x509: certificate is valid for "localhost", not localhost

Where did I go wrong?

[hslatman]

Can you try it with - DOCKER_STEPCA_INIT_DNS_NAMES=localhost, so without the quotes? It sounds as if the CA has the " in its certificate. That in itself would be a bit surprising and might be a bug to fix. You might need to clean/remove the volume you're using (basically starting over), because the CA won't initialize itself (again) if there's already a configuration available.

[hslatman]

@patsevanton does you marking this as the answer confirm it was because of the quotes? Because in that case maybe we need to fix that somewhere.

[patsevanton]

@patsevanton does you marking this as the answer confirm it was because of the quotes? Because in that case maybe we need to fix that somewhere.

Yes, without quotes work.