Hey Mike, I am having the same error now. Did you find a way to get around it?
On Monday, July 30, 2018 at 11:48:36 PM UTC+8, Mike wrote:
> Is there any way to disable hostname verification in the SSL configuration
> in CAS 5.3.x? We have a cluster of 4 AD servers named nodeX.server.com
> and connect through server.com. The problem is the certificate returned
> from each of the 4 servers "node1.server.com" does not match the hostname
> I'm connecting to "server.com". It works fine if I connect to one
> specific node. I don't see any property in the documentation or through
> searching Google that can be used to disable this verification.
>
> My configuration:
> cas.authn.ldap[0].ldapUrl=ldaps://server.com
>
> The error:
> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifying hostname=server.com against cert=CN=NODE3.SERVER.COM>
> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifyDNS using subjectAltNames=[NODE3.SERVER.COM]>
> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.AggregateTrustManager] - <checkServerTrusted for [org.ldaptive.ssl.HostnameVerifyingTrustManager@553890591::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@e3f0ef6, hostnames=[server.com]] failed>
> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.provider.jndi.JndiConnectionFactory] - <Error connecting to LDAP URL: ldaps://server.com>
> org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Hostname '[server.com]' does not match the hostname in the server's certificate 'CN=NODE3.SERVER.COM']
>
> Thanks!
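The check that fails in the log above, sketched as an added example (not part of the original posts and not ldaptive's own code): standard DNS-name matching of the connection hostname against the certificate's subjectAltNames, showing that a node certificate which also lists the cluster name passes with verification left enabled. The function names and the reissued and wildcard SAN lists are assumptions constructed for illustration.

```python
# Added example: DNS-ID matching in the style of RFC 6125.
# Function names are hypothetical; this is not ldaptive's implementation.

def dns_name_matches(hostname: str, san: str) -> bool:
    """Compare one subjectAltName dNSName with the hostname being connected to.

    Matching is case-insensitive. A '*' is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern) or not all(host):
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def verify_hostname(hostname: str, subject_alt_names: list[str]) -> bool:
    """True if any SAN entry in the certificate covers the hostname."""
    return any(dns_name_matches(hostname, san) for san in subject_alt_names)


# SAN list exactly as reported in the log from the post.
NODE_CERT_SANS = ["NODE3.SERVER.COM"]
# Constructed: the same node certificate reissued with the cluster name added.
REISSUED_SANS = ["NODE3.SERVER.COM", "server.com"]
# Constructed: a wildcard certificate, which covers the nodes but not the apex.
WILDCARD_SANS = ["*.server.com"]


def report() -> list[tuple[str, str, bool]]:
    """Evaluate the connection names from the post against each SAN list."""
    cases = [
        ("server.com", "node cert", NODE_CERT_SANS),
        ("node3.server.com", "node cert", NODE_CERT_SANS),
        ("server.com", "reissued cert", REISSUED_SANS),
        ("server.com", "wildcard cert", WILDCARD_SANS),
    ]
    return [(host, label, verify_hostname(host, sans)) for host, label, sans in cases]


if __name__ == "__main__":
    for host, label, ok in report():
        print(f"{host:18} vs {label:14} -> {'match' if ok else 'MISMATCH'}")
```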
