Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSL Connection Error: Hostname/IP doesn't match certificate's altnames

See original GitHub issue

I’m using the Heroku kafka addon. The hosts are just ec2 hosts (eg. ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com), but the certs CN is a random alpha string. Using "rejectUnauthorized": false works but then it does not verify the cert is signed by the provided CA. Is there any way to ignore the hostname match but keep all the rest of the verification?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:8 (1 by maintainers)

github_iconTop GitHub Comments

3reactions
mbaranycommented, Dec 4, 2019

Adding the checkServerIdentity option. Example:

const kafkaOptions = {
  clientId: `...`,
  brokers: process.env.KAFKA_URL.split(',').map((host) => {
    return host.replace('kafka+ssl://', '');
  }),
  logLevel: logLevel.ERROR,
  ssl: {
    checkServerIdentity: () => undefined, // disables hostname verification only
    ca: [process.env.KAFKA_TRUSTED_CERT],
    key: process.env.KAFKA_CLIENT_CERT_KEY,
    cert: process.env.KAFKA_CLIENT_CERT
  }
};

const kafka = new Kafka(kafkaOptions);
0reactions
ethanresnickcommented, Dec 4, 2019

@mbarany Thanks. That’s what I ended up doing too.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Hostname/IP does not match certificate's altnames: POSTMAN
my-app.app) is listed as one of alternate domains listed in the SSL certificate that the amazon generated dns name uses.
Read more >
Hostname/IP does not match certificate's altnames · Issue #168
I haven't seen this error before, but it recently became required to use TLS 1.2, so I'm guessing it's related to that. If...
Read more >
Hostname/IP does not match certificate's altnames: Host
I am trying to upload files to linode object storage using nodejs & aws-sdk but getting following error: ``` NetworkingError [ERR_TLS_CERT_ALTNAME_INVALID]: ...
Read more >
SSL Error: Hostname/IP does not match certificate's altnames
It seems like it's an SSL certificate error. Is there any way to reset the Let's Encrypt certificate?
Read more >
Solved: Getting the Error: Hostname/IP doesn't match certi...
The "Error:Hostname/IP doesn't match certificate's altnames" ccould ... Without the servername, the openssl failed with handshake failure.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Include snappy compression (or working example)

Next page

How to correct disconnect multiple consumers?