Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Luke Bakken lbakken at
Tue Aug 30 17:14:25 EDT 2016


I would be interested to see the output of this command run on the
same server as your Riak node:

openssl s_client -debug -connect localhost:8098

Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:


Luke Bakken
lbakken at

On Tue, Aug 30, 2016 at 12:01 PM, Nguyen, Kyle <kyle.nguyen at> wrote:
> Hi Luke,
> I believe this is not the case. The Java riak-client (version 2.0.6) that I used does validate the server's cert but not checking on server's CN. If I replaced getACert CA in the trustor with another unknown CA then SSL will fail with "unable to find valid certification path to requested target". I don't even see an option to ignore server cert validation on the client side. I am wondering if you can help provide some details related to SSL certification validation configuration.
> My riak node builder code:
> RiakNode.Builder builder = new RiakNode.Builder().withRemoteAddress("").withRemotePort(8087);
>             builder.withAuth(username, password, trustStore, keyStore, keyPasswd);
> Thanks
> -Kyle-

More information about the riak-users mailing list