Using Spring Cloud Stream to connect to Solace causes a ConnectException.


I use the Spring Cloud Stream Solace binder to connect to Solace in my project, with SSL_VALIDATE_CERTIFICATE enabled. When the spring-cloud-starter-stream-solace component version is 3.3.2, it connects to Solace successfully and works properly. After I upgraded to the latest version, 4.1.0, it throws an exception. The exception info is as below:

Connection attempt failed to host '10.194.117.211' ConnectException com.solacesystems.jcsmp.JCSMPTransportException: CertificateException - No subject alternative names matching IP address 10.194.117.211 found cause: java.security.cert.CertificateException: No subject alternative names matching IP address

May i ask how to resolve it?

Answers

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee

    Hi @Jackson ,

    Seems like you're trying to connect to 10.194.117.211, but in your TLS certificate on the Solace broker, your CN is a hostname (not an IP address) and there is no SAN with an IP address.

    Correct?

    Then this error is valid: your application can't verify the server certificate and therefore throws an exception.

    Uli

    P.S.: I can't explain why this was working before. If this setup was working with an IP address in the connect string and only a hostname in the TLS certificate, I would count this as a bug (and obviously this is fixed in the current version).

  • Jackson
    Jackson Member Posts: 2

    Hi @uherbst ,

    If that's the case, how can the certificate contain SAN information with an IP address?

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee

    Hi @Jackson,

    SAN information can have 2 types: DNS and IP. You can mix them.

    See here for an explanation: https://www.entrust.com/blog/2019/03/what-is-a-san-and-how-is-it-used/

    Alternatives to changing the cert (which can be complex depending on your Certificate Authority): why don't you use the DNS name as listed in the cert?
    And if DNS itself for some reason is not working in your environment, you can still add this DNS name + IP address to /etc/hosts on the system where your application is running.

    Uli
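The rule behind the CertificateException in this thread, written out as an added example (not code from the thread, from Solace or from the JDK): an IP-literal connect target is matched only against IP-type SANs, while a hostname is matched against DNS-type SANs (with the CN used only when the certificate has no DNS SAN at all). The certificates below are constructed samples in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the hostname `solace.example.com` is an assumption, the IP is the one from the question.

```python
import ipaddress

# Constructed sample: CN and DNS SAN carry a hostname, no IP SAN (the thread's case).
CERT_DNS_ONLY = {
    "subject": ((("commonName", "solace.example.com"),),),
    "subjectAltName": (("DNS", "solace.example.com"),),
}
# Constructed sample: same cert re-issued with the broker's IP added as an IP SAN.
CERT_DNS_AND_IP = {
    "subject": ((("commonName", "solace.example.com"),),),
    "subjectAltName": (("DNS", "solace.example.com"), ("IP Address", "10.194.117.211")),
}


def _dns_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact name, or a single '*' as the whole left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    # The wildcard may only replace the left-most label and needs at least two more labels.
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def matches_target(cert: dict, target: str) -> bool:
    """Return True if the certificate is valid for the connect target.

    An IP literal is checked only against 'IP Address' SANs, never the CN.
    A hostname is checked against 'DNS' SANs; the CN is consulted only when
    the certificate carries no DNS SAN at all (legacy behaviour).
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    dns_sans = [val for kind, val in sans if kind == "DNS"]
    if dns_sans:
        return any(_dns_matches(val, target) for val in dns_sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_matches(cn, target) for cn in cns)
```

Connecting to CERT_DNS_ONLY by IP fails exactly as in the question, while connecting by the DNS name (or re-issuing the cert with an IP SAN) passes.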