Ignore server name mismatch in Java transport client?

TimWardFS · April 14, 2020, 3:22pm

For tedious reasons discussed elsewhere, I have a temporary need to talk to Elasticsearch using the Java transport client with the complications that

communication has to be over TLS, I can't change that
the server certificate will be presented with the wrong SAN, I can't change that

So the question is: how to tell the Java transport client to skip the SAN check and refrain from doing this:

      java.security.cert.CertificateException: No subject alternative DNS name matching elasticsearch-es-transport found.
      	at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207)

I have tried various things along the lines of HttpsURLConnection.setDefaultHostnameVerifier() but none of them has worked.

system · May 12, 2020, 3:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Host name does not match the certificate Elasticsearch elastic-stack-security	5	11544	August 6, 2019
Host name does not match the certificate Elasticsearch elastic-stack-security	3	3250	May 7, 2021
java.security.cert.CertificateException: No subject alternative names present while connecting to domain names Elasticsearch	5	8554	February 9, 2018
Elasticsearch java rest api - Sniffer issue Elasticsearch	2	850	September 8, 2017
Issue with Elasticsearch java version and Transport Client Elasticsearch	10	462	July 6, 2017

Ignore server name mismatch in Java transport client?

Related topics