Hi,
We've found the BPA is complaining that the clusters VIP is not present in the security certificate. We have a certificate shared with all our DMAs, and the SAN contains the IP and DNS name of all DMAs hosts and VIPs.
As can be seen below, 10.118.29.13 has a ceritificate that Chrome is happy with, yet the BPA is not.
Is this a BPA bug?
Chris Glover [DevOps Advocate] Selected answer as best 19th September 2023
This BPA looks at the certificate which is linked to the HTTPS binding for the "Default Web Site" in IIS and parses the SAN names/ips out of there.
If all of that configuration is correct, my guess would be on an issue with parsing the certificate. Probably best to reach out to Skyline to have this investigated further.
Chris Glover [DevOps Advocate] Selected answer as best 19th September 2023
Thanks