(When replying to the list Devan will also get the reply).
Hi,
Rubatharisan is correct. The driver will resolve the address from the name of the contact point, so the host name to match is the IP address.
If you want custom validation of the certificate (i.e., allowing 127.0.0.1 host names), you can add a custom validation function:
rejectUnauthorized: true,
checkServerIdentity: myCustomCheckServerIdentityFn
};
checkServerIdentity(servername, cert) <Function> A callback function to be used (instead of the builtin tls.checkServerIdentity() function) when checking the server's hostname (or the provided servername when explicitly set) against the certificate. This should return an <Error> if verification fails. The method should return undefined if the servername and cert are verified.
Also, if you want to bypass client-side server validation, you can use rejectUnauthorized: false.
rejectUnauthorized <boolean> If not false, the server certificate is verified against the list of supplied CAs. An 'error' event is emitted if verification fails; err.code contains the OpenSSL error code. Default: true.
Thanks,
Jorge