One Star dbh
One Star

tSetKeyStore / tRestClient and setting disableCNCheck

Hello, 
Any ideas on how to override the certificate check in the tRestClient component?
I ran into a case recently where in a non-production environment,  a vendor's staging environment is using a HTTPS Certificate which is for a dev environment.  The end result is that the SSL Handshake failed because the FQDN doesn't match the certificate.
I'm using TOS 6.0 and currently running the job on my local development station.The error message indicates that CSF Client TLS Config property "disableDNCheck" should be set to true. I am specifying a keystore which does have the certificate in it.
How do you set this propery in TOS, such that it picks it up?  I've tried setting this in the Job's run tab, Advanced settings (below) without any effect.
JVM args that didn't help
-Djsse.enableSNIExtension=false
-DsetDisableCNCheck=true
-DdisableCNCheck=true
-Ddisable-https-hostname-verification=true
---
Error
Exception in component tRESTClient_1javax.ws.rs.ProcessingException: java.io.IOException: IOException invoking : The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore.  Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
1 REPLY
Community Manager

Re: tSetKeyStore / tRestClient and setting disableCNCheck

Hi
It does not support HTTPS certificate right now, our developers already know this issue, and it has been reported in our bugtracker. see:
https://jira.talendforge.org/browse/TESB-13391
Best regards
Shong
----------------------------------------------------------
Talend | Data Agility for Modern Business