Hey mike, I am having the same error now. Did you find a way to get around with it?
On Monday, July 30, 2018 at 11:48:36 PM UTC+8, Mike wrote: > > Is there any way to disable hostname verification in the SSL configuration > in CAS 5.3.x? We have a cluster of 4 AD servers named nodeX.server.com > and connect through server.com. The problem is the certificate returned > from each of the 4 servers "node1.server.com" does not match the hostname > I'm connecting to "server.com". It works fine if I connect to one > specific node. I don't see any property in the documentation or through > searching Google that can be used to disable this verification. > > My configuration: > cas.authn.ldap[0].ldapUrl=ldaps://server.com > > The error: > 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - > <verifying hostname=server.com against cert=CN=NODE3.SERVER.COM> > 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - > <verifyDNS using subjectAltNames=[NODE3.SERVER.COM]> > 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.AggregateTrustManager] - > <checkServerTrusted for > [org.ldaptive.ssl.HostnameVerifyingTrustManager@553890591::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@e3f0ef6, > > hostnames=[server.com]] failed> > 2018-07-30 11:45:30,125 DEBUG > [org.ldaptive.provider.jndi.JndiConnectionFactory] - <Error connecting to > LDAP URL: ldaps://server.com> > org.ldaptive.provider.ConnectionException: > javax.naming.CommunicationException: server.com:636 [Root exception is > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: Hostname '[server.com]' does not > match the hostname in the server's certificate 'CN=NODE3.SERVER.COM'] > > > Thanks! > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88b214b4-7b47-4b07-aeb9-9e6efa35e2fb%40apereo.org.
