Re: Hostname validation

2019-07-24 Thread Anthony Baker
Are you using a DNS Name in the SAN section of your certificate?

> On Jul 22, 2019, at 12:23 AM, Mario Kevo wrote:
> 
> Hi,
> 
> When SSL is enabled and ssl-endpoint-identification-enabled flag is set
> to true, hostname validation is performed while establishing a
> connection. This includes checking the hostname and IP address in the
> certificate. In past releases, if hostname validation was disabled, a
> warning log message would pop up saying hostname validation will become
> mandatory in future Geode releases. This message has been removed in
> recent releases, but we would still like to check whether there is a
> plan to mandate hostname validation. The reasons for asking are the
> implementation problems in cloud native applications with hostname and
> IP validation. The IP address can change after each restart, and it
> would be extremely cumbersome maintaining that in the certificates. And
> in general, sticking to specific IP addresses doesn’t go in line with
> cloud native principles.



Hostname validation

2019-07-22 Thread Mario Kevo
Hi,
 
When SSL is enabled and ssl-endpoint-identification-enabled flag is set
to true, hostname validation is performed while establishing a
connection. This includes checking the hostname and IP address in the
certificate. In past releases, if hostname validation was disabled, a
warning log message would pop up saying hostname validation will become
mandatory in future Geode releases. This message has been removed in
recent releases, but we would still like to check whether there is a
plan to mandate hostname validation. The reasons for asking are the
implementation problems in cloud native applications with hostname and
IP validation. The IP address can change after each restart, and it
would be extremely cumbersome maintaining that in the certificates. And
in general, sticking to specific IP addresses doesn’t go in line with
cloud native principles.
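
An added example, not part of the thread and not Geode code: a small matcher following the usual RFC 2818/6125 rules, showing why the reply asks about a DNS name in the SAN. A peer reached by hostname is checked only against dNSName entries, so a changed IP address matters only when the peer is addressed by IP literal. The host names, addresses and helper names are constructed, and the SAN tuples use the shape of Python's `ssl.getpeercert()["subjectAltName"]`.

```python
import ipaddress


def _dns_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice: refuse wildcards directly under a top-level label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def endpoint_matches(san, target: str) -> bool:
    """Return True if the certificate's SAN entries identify `target`."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # Peer addressed by IP literal: only iPAddress entries count.
        return any(t == "IP Address" and ipaddress.ip_address(v) == ip
                   for t, v in san)
    # Peer addressed by name: only dNSName entries count.
    return any(t == "DNS" and _dns_match(v, target) for t, v in san)


# Constructed SAN lists for two ways of issuing a server certificate.
DNS_ONLY_CERT = (("DNS", "server-0.geode.example.internal"),
                 ("DNS", "*.geode.example.internal"))
IP_PINNED_CERT = (("DNS", "server-0.geode.example.internal"),
                  ("IP Address", "10.0.3.17"))


def results(san, name: str, old_ip: str, new_ip: str) -> dict:
    """Validate the same certificate against a name and the pre/post-restart IPs."""
    return {"by_name": endpoint_matches(san, name),
            "by_old_ip": endpoint_matches(san, old_ip),
            "by_new_ip": endpoint_matches(san, new_ip)}


if __name__ == "__main__":
    for label, san in (("dns-only", DNS_ONLY_CERT), ("ip-pinned", IP_PINNED_CERT)):
        print(label, results(san, "server-0.geode.example.internal",
                             "10.0.3.17", "10.0.7.42"))
```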