Disable LDAP SSL Hostname Verification?


Mike

Jul 30, 2018, 11:48:36 AM7/30/18
to CAS Community
Is there any way to disable hostname verification in the SSL configuration in CAS 5.3.x? We have a cluster of 4 AD servers named nodeX.server.com and connect through server.com. The problem is the certificate returned from each of the 4 servers "node1.server.com" does not match the hostname I'm connecting to "server.com". It works fine if I connect to one specific node. I don't see any property in the documentation or through searching Google that can be used to disable this verification. 

My configuration:
cas.authn.ldap[0].ldapUrl=ldaps://server.com

The error:
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifying hostname=server.com against cert=CN=NODE3.SERVER.COM>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.DefaultHostnameVerifier] - <verifyDNS using subjectAltNames=[NODE3.SERVER.COM]>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.ssl.AggregateTrustManager] - <checkServerTrusted for [org.ldaptive.ssl.HostnameVerifyingTrustManager@553890591::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@e3f0ef6, hostnames=[server.com]] failed>
2018-07-30 11:45:30,125 DEBUG [org.ldaptive.provider.jndi.JndiConnectionFactory] - <Error connecting to LDAP URL: ldaps://server.com>
org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: server.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Hostname '[server.com]' does not match the hostname in the server's certificate 'CN=NODE3.SERVER.COM']


Thanks!

casuser

Nov 27, 2018, 12:17:27 AM11/27/18
to CAS Community
Hey Mike,

I am having the same error now. Did you find a way to get around it?

Mike

Nov 29, 2018, 3:29:23 PM11/29/18
to CAS Community
Hi. Our sysadmins installed a matching certificate on all 4 nodes. The hostnames now match properly.
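Why the handshake in Mike's log fails, and what the certificate his sysadmins installed had to contain, as an added example in Python (not code from the thread, from CAS or from ldaptive): a small RFC 6125 style hostname check run over constructed certificate fields that mirror the log lines. It goes slightly beyond the thread by also handling a single leftmost wildcard label.

```python
# Added example (not from the CAS thread or ldaptive): a minimal hostname
# check in the spirit of RFC 6125, which is the rule the log's
# DefaultHostnameVerifier is enforcing. Certificates here are constructed
# dicts that mirror the log above, not real X.509 objects.

def _match_label(pattern: str, hostname: str) -> bool:
    """Match one DNS name pattern against a hostname, case-insensitively.
    A single leading '*' matches exactly one leftmost label: *.server.com
    matches node1.server.com but not server.com or a.b.server.com."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or "*" in pattern[2:]:
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Return True if hostname is covered by the certificate.
    DNS subjectAltNames are authoritative when present (the log shows
    verifyDNS using subjectAltNames); the subject CN is only a fallback."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        return any(_match_label(n, hostname) for n in dns_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_match_label(cn, hostname) for cn in cns)


# Constructed to mirror the log: what NODE3 presented when the alias was used.
NODE3_CERT = {
    "subject": ((("commonName", "NODE3.SERVER.COM"),),),
    "subjectAltName": (("DNS", "NODE3.SERVER.COM"),),
}

# Constructed: the shape of the fix the thread ends with, one certificate whose
# SAN list covers the alias and every node, installed on all four servers.
CLUSTER_CERT = {
    "subject": ((("commonName", "server.com"),),),
    "subjectAltName": (
        ("DNS", "server.com"),
        ("DNS", "node1.server.com"), ("DNS", "node2.server.com"),
        ("DNS", "node3.server.com"), ("DNS", "node4.server.com"),
    ),
}

if __name__ == "__main__":
    print(hostname_matches(NODE3_CERT, "server.com"))        # False: the failure in the log
    print(hostname_matches(NODE3_CERT, "node3.server.com"))  # True: connecting to one node works
    print(hostname_matches(CLUSTER_CERT, "server.com"))      # True: after the matching certificate
```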