Security: disable https/TLS certificate hostname check for SBA client only
Problem: when developing, a self-signed certificate is used and the SBA Server can be localhost or a LAN IP. Then the SBA client cannot connect to the SBA server.
09:23:39.045 [registrationTask1] WARN d.c.b.a.c.r.ApplicationRegistrator#register:94 - Failed to register application as Application … : I/O error on POST request for “https://10.10.10.90:9000/api/applications”: java.security.cert.CertificateException: No subject alternative names present; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present. Further attempts are logged on DEBUG level
When looking for solutions, e.g. the one below, they point to disabling host verification for the whole app. However, it should be possible to disable/overwrite such a check for the SBA client only, i.e. not affecting other parts of the project application.
HttpsURLConnection.setDefaultHostnameVerifier(
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Top GitHub Comments
In Prometheus, it’s as simple as:
I’d think something this common should also be a setting in SBA.
Hello @joshiste,
Thank you for your answer. I join paulvi's comment about SBA. It is a real struggle to enable two-way TLS and to rewrite this ApplicationRegistrator. Even if the custom RestTemplate is written, injecting it into the ApplicationRegistrator is a tedious task. The examples purely with http are really good though. Thank you.
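One way to scope the relaxed check to a single client instead of the whole JVM, as an added example (not code from the issue or from Spring Boot Admin). It assumes Apache HttpClient 4.x and Spring's RestTemplate on the classpath; the class name, the truststore file and the host constant are illustrative assumptions, and wiring the result into SBA's ApplicationRegistrator is not shown.

```java
import java.io.File;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Hypothetical helper class, named for this example only.
public final class DevSbaRestTemplateFactory {

    // Assumption: the SBA server address taken from the log line in the issue.
    private static final String DEV_SBA_HOST = "10.10.10.90";

    private DevSbaRestTemplateFactory() {
    }

    /**
     * Builds a RestTemplate whose TLS settings apply to this instance only.
     * The truststore is assumed to hold just the dev self-signed certificate.
     */
    public static RestTemplate create(File truststore, char[] password) throws Exception {
        // Trust only what is in the dev truststore. The JVM-wide default
        // SSLContext and default HostnameVerifier are left untouched.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(truststore, password)
                .build();

        // Skip the name check for the one dev host only; every other host
        // reached through this client still gets the strict verifier.
        HostnameVerifier strict = new DefaultHostnameVerifier();
        HostnameVerifier scoped = (hostname, session) ->
                DEV_SBA_HOST.equals(hostname) || strict.verify(hostname, session);

        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(sslContext, scoped);
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();

        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

The "No subject alternative names present" error in the log appears because Java checks an IP-address target against IP entries in the certificate's subjectAltName. Issuing the dev certificate with a SAN for the server's IP removes the need to relax the check at all.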