use Spring Cloud Stream to connect to solace occurs ConnectException.

use the spring Cloud Stream solace to connect to solace in my project, and enabled SSL_VALIDATE_CERTIFICATE. when the component spring-cloud-starter-stream-solace version is 3.3.2,can connect to solace success and worked properly. After i upgrade the version to the earliest version 4.1.0, it occurs exception. the exception info as belows:

Connection attempt failed to host '10.194.117.211' ConnectException com.solacesystems.jcsmp.JCSMPTransportException: CertificateException - No subject alternative names matching IP address 10.194.117.211 found cause: java.security.cert.CertificateException: No subject alternative names matching IP address

May i ask how to resolve it?

Answers

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee

    Hi @Jackson ,

    Seems like you're trying to connect to 10.194.117.211, but in your TLS certificate on Solace broker, your CN is a hostname (no IP address) and no SAN with IP address.

    Correct ?

    Then this error is valid: Your application can't verify the server certificate and therefor throws an exception.

    Uli

    P.S.: I can't explain, why this was working before. If this setup was working with IP address in connect string and only hostname in TLS certificate, I would count this is a bug (and obviously this is fixed in current version).

  • Jackson
    Jackson Member Posts: 2

    Hi @uherbst ,

    If that's the case, how can the certificate contain SAN information with IP address?

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee

    Hi @Jackson,

    SAN information can have 2 types: DNS and IP. you can mix them.

    See here for an explanation: https://www.entrust.com/blog/2019/03/what-is-a-san-and-how-is-it-used/

    Alternatives to change the cert (can be complex depending on your Certificate Authority): Why dont you use the DNS name as listed in the cert ?
    And if DNS itself for some reason is not working in your environment, you can still add this DNS name + IP address to /etc/hosts on the system, where your application is running.

    Uli