Security: disable https/TLS certificate hostname check for SBA client only


Problem: when developing, a self-signed certificate is used and the SBA Server can be localhost or a LAN IP. Then the SBA client cannot connect to the SBA server.

09:23:39.045 [registrationTask1] WARN d.c.b.a.c.r.ApplicationRegistrator#register:94 - Failed to register application as Application … : I/O error on POST request for “https://10.10.10.90:9000/api/applications”: java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present. Further attempts are logged on DEBUG level

When looking for solutions, e.g. below, they point to disabling host verification for the whole app. However, it should be possible to disable/overwrite such a check for the SBA client only, i.e. not affecting other parts of the project application.

  1. from https://stackoverflow.com/questions/19540289/how-to-fix-the-java-security-cert-certificateexception-no-subject-alternative
    HttpsURLConnection.setDefaultHostnameVerifier(
        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 14

Top GitHub Comments

3 reactions
johnchurchill commented, Dec 5, 2019

In prometheus, it’s as simple as:

    tls_config:
       insecure_skip_verify: true

I’d think something this common should also be a setting in SBA.

3 reactions
patpatpat123 commented, Aug 25, 2019

Hello @joshiste,

Thank you for your answer. I join paulvi's comment about SBA. It is a real struggle to enable two-way TLS and to rewrite this ApplicationRegistrator. Even if the custom RestTemplate is written, injecting it into the ApplicationRegistrator is a tedious task. The examples purely with http are really good though. Thank you.
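As an added example (not code from the issue, its commenters or the SBA project): a `RestTemplate` whose hostname-check override applies to its own connections only, and only for one development host whose leaf certificate matches a pinned SHA-256 digest, instead of the JVM-wide `setDefaultHostnameVerifier` call quoted in the issue. The class and method names and the pin value are hypothetical, the self-signed certificate is assumed to be in the JVM truststore already (the logged error is the hostname check, not chain trust), and wiring the template into the SBA client is not shown because it depends on the SBA version.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Hypothetical helper class; nothing here is part of Spring Boot Admin.
public final class ScopedTlsRestTemplate {

    // HttpsURLConnection consults this verifier only after its built-in
    // hostname check has failed, so returning false keeps the normal outcome.
    static HostnameVerifier pinnedDevHost(String devHost, String pinnedSha256Base64) {
        return (hostname, session) -> {
            if (!devHost.equals(hostname)) {
                return false; // any other host: no exception is granted
            }
            try {
                // Accept the mismatch only if the server presented the pinned certificate.
                Certificate leaf = session.getPeerCertificates()[0];
                byte[] digest = MessageDigest.getInstance("SHA-256").digest(leaf.getEncoded());
                return MessageDigest.isEqual(digest, Base64.getDecoder().decode(pinnedSha256Base64));
            } catch (Exception e) {
                return false; // fail closed: unverified peer, bad pin encoding, ...
            }
        };
    }

    // The verifier is set per connection, so the static default used by the
    // rest of the application is never touched.
    static RestTemplate restTemplateFor(String devHost, String pinnedSha256Base64) {
        HostnameVerifier verifier = pinnedDevHost(devHost, pinnedSha256Base64);
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection connection, String httpMethod)
                    throws IOException {
                if (connection instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) connection).setHostnameVerifier(verifier);
                }
                super.prepareConnection(connection, httpMethod);
            }
        };
        return new RestTemplate(factory);
    }
}
```

A call such as `restTemplateFor("10.10.10.90", "<base64 SHA-256 of the dev certificate>")` uses the address from the log above; the digest is a placeholder to be computed from the actual development certificate.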
