Kyle,
I would be interested to see the output of this command run on the
same server as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:
listener.https.internal
--
Luke Bakken
Engineer
lbak...@basho.com
On Tue, Aug 30, 2016 at 12:01 PM, Nguyen, Kyle <kyle.ngu...@philips.com> wrote:
> Hi Luke,
>
> I believe this is not the case. The Java riak-client (version 2.0.6) that I
> used does validate the server's cert but not checking on server's CN. If I
> replaced getACert CA in the trustor with another unknown CA then SSL will
> fail with "unable to find valid certification path to requested target". I
> don't even see an option to ignore server cert validation on the client side.
> I am wondering if you can help provide some details related to SSL
> certification validation configuration.
>
> My riak node builder code:
> RiakNode.Builder builder = new
> RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
> builder.withAuth(username, password, trustStore, keyStore,
> keyPasswd);
>
> Thanks
>
> -Kyle-
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
