Artem Egorov created IGNITE-25931:
-------------------------------------

             Summary: Improve SSL errors messaging
                 Key: IGNITE-25931
                 URL: https://issues.apache.org/jira/browse/IGNITE-25931
             Project: Ignite
          Issue Type: Improvement
          Components: cli ai3
            Reporter: Artem Egorov

Prerequisites: Enable SSL for REST

You may encounter the following issues:
## Specifying an http URL instead of https (with {{"httpToHttpsRedirection" : false}}) may lead to an "{{unexpected end of stream on..}}" error:
{code:java}
# cluster topology physical --url http://example.cluster.local:10400
unexpected end of stream on http://example.cluster.local:10400/...
{code}
## The common SSL error message is too broad:
{code:java}
# cluster topology physical --url https://example.cluster.local:10400
SSL error
Could not connect to node with URL example.cluster.local:10400. Check SSL configuration
{code}
This message applies to the following situations:
### Cluster URL and certificate SAN mismatch
**** e.g. when trying to access the node via [https://localhost:10400|https://localhost:10400/] (kinda expected)
**** the certificate is issued for a different domain name (the SAN property in the certificate does not include the requested DNS name)
### Broken chain of trust (untrusted root/intermediate CA)
**** e.g. using self-signed certs
### Inconsistent SSL node configuration in a multi-node cluster
**** e.g. if the first node in the cluster has the correct configuration, the second does not (e.g. missing cert). In this case, you need to remove the second node from the topology to make sure there are no SSL errors for the first one anymore
### Certificate expiration

I don't want to say that all cases should be covered, but improvements in messaging could improve the experience of SSL configuration and debugging

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
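One way a client could tell the cases listed in the issue apart, as an added example that is not Ignite's code and not part of the report: walk the exception cause chain instead of reporting every TLS failure with the same text. The class name `SslErrorHints`, the hint wording and the sample exceptions are assumptions constructed for illustration; the SAN check relies on the JDK's message wording and is a heuristic.

```java
import java.io.IOException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;

/** Hypothetical helper (not Ignite code): turns a connection failure into a specific hint. */
public class SslErrorHints {
    static String hint(Throwable error, String url) {
        boolean tls = false;
        // The specific reason usually sits several causes below the SSLHandshakeException.
        for (Throwable t = error; t != null; t = t.getCause()) {
            String msg = String.valueOf(t.getMessage());
            if (t instanceof CertificateExpiredException) {
                return "Certificate has expired (" + msg + ")";
            }
            if (t instanceof CertPathBuilderException) {
                return "Certificate chain is not trusted: add the issuing CA to the trust store";
            }
            // OkHttp reports a name mismatch as SSLPeerUnverifiedException; the JDK's own
            // check uses a CertificateException whose wording is matched here (heuristic).
            if (t instanceof SSLPeerUnverifiedException || (t instanceof CertificateException
                    && (msg.contains("subject alternative") || msg.contains("No name matching")))) {
                return "Host in " + url + " is not listed in the certificate SAN";
            }
            tls |= t instanceof SSLException;
        }
        // Plain HTTP sent to a TLS-only port: the peer closes without an HTTP response.
        if (!tls && url.startsWith("http://") && error instanceof IOException
                && String.valueOf(error.getMessage()).startsWith("unexpected end of stream")) {
            return "No HTTP response on " + url + ": the node may only accept https://";
        }
        return tls ? "SSL error. Check SSL configuration" : String.valueOf(error.getMessage());
    }

    public static void main(String[] args) {
        String url = "https://example.cluster.local:10400";
        // Constructed exception chains shaped like those raised during a TLS handshake.
        System.out.println(hint(new SSLHandshakeException("PKIX path validation failed")
                .initCause(new CertificateExpiredException("NotAfter: <constructed date>")), url));
        System.out.println(hint(new SSLHandshakeException("PKIX path building failed")
                .initCause(new CertPathBuilderException("unable to find valid certification path")), url));
        System.out.println(hint(new SSLPeerUnverifiedException("Hostname localhost not verified"), url));
        String plain = url.replace("https://", "http://");
        System.out.println(hint(new IOException("unexpected end of stream on " + plain + "/..."), plain));
    }
}
```

A failure that matches none of the specific causes falls back to the existing generic text, so the broad message is only shown when nothing more precise is known.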