Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Luke Bakken lbakken at basho.com
Tue Aug 30 17:14:25 EDT 2016


Kyle,

I would be interested to see the output of this command run on the
same server as your Riak node:

openssl s_client -debug -connect localhost:8098

Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:

listener.https.internal

--
Luke Bakken
Engineer
lbakken at basho.com


On Tue, Aug 30, 2016 at 12:01 PM, Nguyen, Kyle <kyle.nguyen at philips.com> wrote:
> Hi Luke,
>
> I believe this is not the case. The Java riak-client (version 2.0.6) that I used does validate the server's cert but does not check the server's CN. If I replace the getACert CA in the truststore with another unknown CA, then SSL will fail with "unable to find valid certification path to requested target". I don't even see an option to ignore server cert validation on the client side. I am wondering if you can help provide some details related to SSL certificate validation configuration.
>
> My riak node builder code:
> RiakNode.Builder builder = new RiakNode.Builder().withRemoteAddress("127.0.0.1").withRemotePort(8087);
> builder.withAuth(username, password, trustStore, keyStore, keyPasswd);
>
> Thanks
>
> -Kyle-
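
The behaviour described in the quoted message (the chain to the trusted CA is checked, the server's CN is not) can be reproduced offline with the openssl tool. This is an added example, not part of the original thread and not Riak or Java client code. It assumes an openssl binary with its default configuration; the CA name, the server name riak-node.example and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed lab material: a throwaway CA plus a server certificate whose
# CN is "riak-node.example" (a made-up name, no SAN extension).
make_lab() {
    dir=$(mktemp -d) || return 1
    # Self-signed CA certificate (the "truststore" content).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 || return 1
    # Server key and signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=riak-node.example" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1 || return 1
    # Server certificate issued by the lab CA.
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv.pem" >/dev/null 2>&1 || return 1
    echo "$dir"
}

# Chain-only validation: was the certificate issued by a CA we trust?
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" >/dev/null 2>&1
}

# Chain validation plus a check that the certificate names the expected host.
name_ok() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/srv.pem" \
        >/dev/null 2>&1
}

demo() {
    lab=$(make_lab) || { echo "could not build lab certificates" >&2; return 1; }
    for name in riak-node.example localhost; do
        chain_ok "$lab" && c=pass || c=fail
        name_ok "$lab" "$name" && n=pass || n=fail
        echo "expected name $name: chain=$c chain+name=$n"
    done
    rm -rf "$lab"
}
demo
```

Against a live listener, `openssl s_client` accepts the same checks through `-CAfile`, `-verify_hostname` (or `-verify_ip` for an address such as 127.0.0.1) and `-verify_return_error`.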



