Is there any way to disable hostname verification in the SSL configuration in CAS 5.3.x? We have a cluster of 4 AD servers named nodeX.server.com and connect through server.com. The problem is the certificate returned from each of the 4 servers "node1.server.com" does not match the hostname I'm connecting to "server.com". It works fine if I connect to one specific node. I don't see any property in the documentation or through searching Google that can be used to disable this verification.
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifying hostname=server.com against cert=CN=NODE3.SERVER.COM>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifyDNS using subjectAltNames=[NODE3.SERVER.COM]>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.AggregateTrustManager] - <checkServerTrusted for [org.ldaptive.ssl.HostnameVerifyingTrustManager@553890591::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@e3f0ef6, hostnames=[server.com]] failed>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.provider.jndi.JndiConnectionFactory] - <Error connecting to LDAP URL: ldaps://server.com>
org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Hostname '[server.com]' does not match the hostname in the server's certificate 'CN=NODE3.SERVER.COM']
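
Added example (not part of the original post, and not ldaptive's code): a simplified model of the DNS-name comparison behind the verifyDNS log line above, showing why the cluster name fails against every node certificate and passes once that name is listed in each certificate's subjectAltNames. The per-node SAN lists are constructed sample data, and the reissued certificates are an assumption.

```python
# Simplified model of TLS DNS-name matching (case-insensitive, label by label,
# '*' allowed only as the whole left-most label). Not ldaptive's implementation.

def dns_name_matches(hostname: str, san: str) -> bool:
    host = hostname.rstrip(".").lower().split(".")
    pat = san.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # A wildcard stands for exactly one label and never for the bare domain.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def verify_hostname(hostname: str, subject_alt_names: list) -> bool:
    """True if any SAN entry covers the name the client connected to."""
    return any(dns_name_matches(hostname, san) for san in subject_alt_names)


def nodes_missing_name(connect_name: str, sans_by_node: dict) -> list:
    """Nodes whose certificate does not cover the name clients connect to."""
    return sorted(node for node, sans in sans_by_node.items()
                  if not verify_hostname(connect_name, sans))


# Constructed sample data: one SAN per node, as in the log above.
CURRENT_SANS = {f"node{i}": [f"NODE{i}.SERVER.COM"] for i in range(1, 5)}

# Assumption: certificates reissued with the cluster name added as a SAN.
REISSUED_SANS = {node: sans + ["server.com"]
                 for node, sans in CURRENT_SANS.items()}

if __name__ == "__main__":
    # Connecting to the cluster name fails on every node today.
    print("failing now:     ", nodes_missing_name("server.com", CURRENT_SANS))
    # Connecting to one specific node works, as the post reports.
    print("node3 direct:    ", verify_hostname("node3.server.com",
                                               CURRENT_SANS["node3"]))
    # A wildcard certificate would not cover the bare cluster name either.
    print("wildcard only:   ", verify_hostname("server.com", ["*.server.com"]))
    # With the cluster name in each SAN list, verification stays on and passes.
    print("failing reissued:", nodes_missing_name("server.com", REISSUED_SANS))
```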