On 10/09/2020 2:46 pm, cgh467 wrote:
Hi Robbie,Thanks for pointing out. I did use the wrong port (5671 is for localhost test, 5673 is for remote JAVA server). I change the port to 5673, now I'm getting below error. I got both CA and server certs from server group and imported into NSS DB. Do I need to configure something on my side to make the domain name match? OR something wrong on the certs they gave to me? By the way, they did not give me the private key though. 2020-09-10 06:27:38 [Security] debug SslConnector created for 0-10 2020-09-10 06:27:39 [System] info Connecting: 10.44.221.115:5673 2020-09-10 06:27:39 [System] debug Exception constructed: Failed: Unable to communicate securely with peer: requested domain name does not match the server's certificate. [-12276] (/build/qpid-cpp-VLEObV/qpid-cpp-1.39.0/src/qpid/sys/ssl/SslSocket.cpp:205) 2020-09-10 06:27:39 [Security] warning Connect failed: Failed: Unable to communicate securely with peer: requested domain name does not match the server's certificate. [-12276] (/build/qpid-cpp-VLEObV/qpid-cpp-1.39.0/src/qpid/sys/ssl/SslSocket.cpp:205) 2020-09-10 06:27:39 [Client] debug Connection closed
As the error indicates the hostname by which you are connecting to the broker does not match the name the broker's certificate was issued with.
You can specify ssl_ignore_hostname_verification_failure=true in the connection options in order to ignore that, or else if possible use the hostname in the certificate.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
