Hi. Our sysadmins installed a matching certficate on all 4 nodes. The hostnames now match properly.
On Tuesday, November 27, 2018 at 12:17:27 AM UTC-5, casuser wrote: > > Hey mike, > > I am having the same error now. Did you find a way to get around with it? > > On Monday, July 30, 2018 at 11:48:36 PM UTC+8, Mike wrote: >> >> Is there any way to disable hostname verification in the SSL >> configuration in CAS 5.3.x? We have a cluster of 4 AD servers named >> nodeX.server.com and connect through server.com. The problem is the >> certificate returned from each of the 4 servers "node1.server.com" does >> not match the hostname I'm connecting to "server.com". It works fine if >> I connect to one specific node. I don't see any property in the >> documentation or through searching Google that can be used to disable this >> verification. >> >> My configuration: >> cas.authn.ldap[0].ldapUrl=ldaps://server.com >> >> The error: >> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] >> - <verifying hostname=server.com against cert=CN=NODE3.SERVER.COM> >> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] >> - <verifyDNS using subjectAltNames=[NODE3.SERVER.COM]> >> 2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.AggregateTrustManager] - >> <checkServerTrusted for >> [org.ldaptive.ssl.HostnameVerifyingTrustManager@553890591::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@e3f0ef6, >> >> hostnames=[server.com]] failed> >> 2018-07-30 11:45:30,125 DEBUG >> [org.ldaptive.provider.jndi.JndiConnectionFactory] - <Error connecting to >> LDAP URL: ldaps://server.com> >> org.ldaptive.provider.ConnectionException: >> javax.naming.CommunicationException: server.com:636 [Root exception is >> javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateException: Hostname '[server.com]' does >> not match the hostname in the server's certificate 'CN=NODE3.SERVER.COM'] >> >> >> Thanks! >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/934f946c-7c9a-475f-963a-23ba1c89833a%40apereo.org.
