Posted to user@jclouds.apache.org by Cael Jacobs <ca...@gmail.com> on 2018/06/27 13:58:36 UTC

Packet.net DNS/SAN issues?

Hi, all!

I am attempting to use jClouds to interact with Packet.Net, and when I 
make a call to

    packetApi.operatingSystemApi().list();

I get a stack trace for a thrown exception:

    java.security.cert.CertificateException: No subject alternative DNS
    name matching api.packet.net found. connecting to GET
    https://api.packet.net/operating-systems HTTP/1.1

I pulled the cert for api.packet.net, which appears to be a PaaS or IaaS 
node that is serving dozens of domains, and a Subject Alternative Name 
for "api.packet.net" does exist in there along with many others.

I am able to access the same url via curl, from the same machine and 
others, and get proper responses, so I know that there's not an 
intrinsic error between me and the api server that's preventing me from 
reaching it; it seems to me that either jClouds is doing something 
squirrelly, or the underlying Java SSL class is not handling the 
certificate SANs properly.

Has anyone seen anything like this on packet.net or any other provider?

Thanks,

-Cael


Re: Packet.net DNS/SAN issues?

Posted by Ignasi Barrera <na...@apache.org>.
Looks like the SSL certificate for the API endpoint has a wrong CN? It
seems to have been issued just today:

SSL Server Certificate

Issued To
    Common Name (CN): u2.shared.global.fastly.net
    Organization (O): Fastly, Inc.
    Organizational Unit (OU): <Not Part Of Certificate>

Issued By
    Common Name (CN): GlobalSign CloudSSL CA - SHA256 - G3
    Organization (O): GlobalSign nv-sa
    Organizational Unit (OU): <Not Part Of Certificate>

Validity Period
    Issued On: Wednesday, June 27, 2018 at 3:10:09 PM
    Expires On: Wednesday, March 20, 2019 at 9:14:44 PM

The CN should match the endpoint, and it has a different one.
Could you try setting the "Constants#RELAX_HOSTNAME" property [1] to
"true", and see if the problem persists?

It would also be great if you could contact them and ask about the details
of this certificate.


HTH!

I.

[1]
https://jclouds.apache.org/reference/javadoc/2.1.x/org/jclouds/Constants.html#PROPERTY_RELAX_HOSTNAME
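
Added example (not from either post, and not jclouds or JDK code): a simplified Java sketch of RFC 6125-style hostname matching, where dNSName SAN entries are checked first and the subject CN is only a fallback, run against the host and CN named in this thread. The class name and both SAN lists are constructed for illustration.

```java
import java.util.*;

public class SanCheck {
    static final int DNS_NAME = 2; // GeneralName tag for dNSName (RFC 5280)

    // Takes the [type, value] pairs that X509Certificate.getSubjectAlternativeNames()
    // returns (null when the extension is absent) and keeps the dNSName values.
    static List<String> dnsNames(Collection<List<?>> sans) {
        List<String> out = new ArrayList<>();
        if (sans == null) return out;
        for (List<?> e : sans)
            if (e.size() >= 2 && Integer.valueOf(DNS_NAME).equals(e.get(0)))
                out.add(String.valueOf(e.get(1)).toLowerCase(Locale.ROOT));
        return out;
    }

    // Simplified wildcard rule: "*" stands for exactly one left-most label.
    static boolean matches(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));
    }

    // dNSName entries decide the result whenever at least one is present;
    // the subject CN is a fallback only for certificates without any.
    static boolean verify(String host, Collection<List<?>> sans, String cn) {
        List<String> names = dnsNames(sans);
        if (names.isEmpty()) return cn != null && matches(host, cn);
        return names.stream().anyMatch(n -> matches(host, n));
    }

    public static void main(String[] args) {
        String host = "api.packet.net";
        String cn = "u2.shared.global.fastly.net"; // CN reported in the thread
        // Constructed SAN lists; the real certificate's list is not on the page.
        Collection<List<?>> listsHost = Arrays.<List<?>>asList(
            Arrays.asList(2, cn), Arrays.asList(2, "api.packet.net"));
        Collection<List<?>> omitsHost = Arrays.<List<?>>asList(
            Arrays.asList(2, cn), Arrays.asList(2, "*.example.org"));
        // The CN differs from the host in every case below.
        System.out.println("SAN lists host:  " + verify(host, listsHost, cn));
        System.out.println("SAN omits host:  " + verify(host, omitsHost, cn));
        System.out.println("no SAN, CN only: " + verify(host, null, cn));
    }
}
```

To inspect what a JVM actually receives, pass the result of `getSubjectAlternativeNames()` on the server's leaf certificate to `dnsNames`.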


