Matthias Brandt created CASSANDRA-10970:
-------------------------------------------

Summary: SSL/TLS: Certificate Domain is ignored
Key: CASSANDRA-10970
URL: https://issues.apache.org/jira/browse/CASSANDRA-10970
Project: Cassandra
Issue Type: Bug
Reporter: Matthias Brandt

I've set up server_encryption_options as well as client_encryption_options. In both settings, I use the same keystore with a wild-card SSL certificate in it. It is signed by our own CA, whose root certificate is in the configured truststore:

{code}
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/conf/wildcard-cert.keystore
    keystore_password: ""
    truststore: /etc/cassandra/conf/hpo-cacerts
    truststore_password: changeit
    require_client_auth: true
client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/conf/wildcard-cert.keystore
    keystore_password: ""
    require_client_auth: false
{code}

The certificate's subject is:

{code}CN=*.my.domain.com,OU=my unit,O=my org{code}

When I deploy this setting on a server whose domain is node1.my.*other-domain*.com, a connection via cqlsh wrongly works. Additionally, the inter-node connection between other nodes in this wrong domain also works.

I would expect that the connection would fail with a meaningful error message.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
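
The name check that the report says is being skipped, written out as an added example (not Cassandra's code and not part of the original report). It applies simplified RFC 6125 wildcard rules to the subject and host name quoted above; the function names, the extra test hosts and the naive comma-split subject parsing are assumptions made for illustration.

```python
# Added example: simplified RFC 6125 section 6.4.3 name matching.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if hostname is covered by a certificate DNS name pattern."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False          # a wildcard never spans more than one label
    if "*" in "".join(p[1:]):
        return False          # wildcard allowed only in the left-most label
    if p[0] == "*":
        if len(p) < 3:
            return False      # reject overly broad patterns such as *.com
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False          # partial-label wildcards are not accepted here
    return p == h

def subject_cn(subject):
    """Extract the CN from a subject string formatted as in the report."""
    for rdn in subject.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "CN":
            return value
    return None

def check_peer(subject, hostname, san_dns=()):
    """SAN dNSName entries take precedence; fall back to CN only if none exist."""
    names = list(san_dns) or [subject_cn(subject)]
    return any(n and name_matches(n, hostname) for n in names)

SUBJECT = "CN=*.my.domain.com,OU=my unit,O=my org"   # subject from the report

if __name__ == "__main__":
    for host in ("node1.my.domain.com",          # constructed: host inside the domain
                 "node1.my.other-domain.com",    # host from the report
                 "a.b.my.domain.com"):           # constructed: two labels under wildcard
        verdict = "accept" if check_peer(SUBJECT, host) else "reject"
        print(f"{host} -> {verdict}")
```
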