Ignore server name mismatch in Java transport client?

For tedious reasons discussed elsewhere, I have a temporary need to talk to Elasticsearch using the Java transport client with the complications that

  • communication has to be over TLS, I can't change that
  • the server certificate will be presented with the wrong SAN, I can't change that

So the question is: how to tell the Java transport client to skip the SAN check and refrain from doing this:

      java.security.cert.CertificateException: No subject alternative DNS name matching elasticsearch-es-transport found.
      	at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207)

I have tried various things along the lines of HttpsURLConnection.setDefaultHostnameVerifier() but none of them has worked.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.