jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ignasi Barrera <n...@apache.org>
Subject Re: Packet.net DNS/SAN issues?
Date Wed, 27 Jun 2018 14:18:34 GMT
Looks like the SSL certificate for the API endpoint has a wrong CN? it
seems to have been issued just today

SSL Server Certificate

Issued To

Common Name (CN)u2.shared.global.fastly.net
Organization (O)
Fastly, Inc.
Organizational Unit (OU)
<Not Part Of Certificate>

Issued By

Common Name (CN)
GlobalSign CloudSSL CA - SHA256 - G3
Organization (O)
GlobalSign nv-sa
Organizational Unit (OU)
<Not Part Of Certificate>

Validity Period

Issued On
Wednesday, June 27, 2018 at 3:10:09 PM
Expires On
Wednesday, March 20, 2019 at 9:14:44 PM


The CN should match the endpoint, and it has a different one.
Could you try setting the "Constants#RELAX_HOSTNAME" property [1] to
"true", and see if the problem persists?

It would also be great if you could contact them and ask about the details
of this certificate.




On 27 June 2018 at 15:58, Cael Jacobs <cael.jacobs@gmail.com> wrote:

> Hi, all!
> I am attempting to use jClouds to interact with Packet.Net, and when I
> make a call to
> packetApi.operatingSystemApi().list();
> I get a stack trace for a thrown exception:
> java.security.cert.CertificateException: No subject alternative DNS name
> matching api.packet.net found. connecting to GET https://api.packet.net/
> operating-systems HTTP/1.1
> I pulled the cert for api.packet.net, which appears to be a PaaS or IaaS
> node that is serving dozens of domains, and a Subject Alternative Name for "
> api.packet.net" does exist in there along with many others.
> I am able to access the same url via curl, from the same machine and
> others, and get proper responses, so I know that there's not an intrinsic
> error between me and the api server that's preventing me from reaching it;
> it seems to me that either jClouds is doing something squirrelly, or the
> underlying Java SSL class is not handling the certificate SANs properly.
> Has anyone seen anything like this on packet.net or any other provider?
> Thanks,
> -Cael

View raw message