-
1. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
rareddy Oct 29, 2012 9:07 AM (in response to yjma2001)Jack,
No such property currently exists. However there is submit a completely new certifacte for the Teiid connection in addition to what you have. You can log JIRA, will see if there is any interest in this feature.
Thanks
Ramesh..
-
2. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
yjma2001 Oct 30, 2012 12:16 PM (in response to rareddy)Thanks Ramesh.
An optional feature request was created at jira: https://issues.jboss.org/browse/TEIID-2282
Thanks
Jack
-
3. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
shawkins Dec 5, 2012 1:40 PM (in response to yjma2001)Jack,
Did you try this scenario with Teiid? I don't believe this should be an issue for us as we are not using https, but rather direct ssl, which doesn't require host name verification.
Steve
-
4. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
yjma2001 Jan 30, 2013 9:03 PM (in response to shawkins)Hi Steve:
Even you use the ssl, the client application(like squirrel) have to verifying the certificate. We could disable the hosename verification during the certificate valification, but I think that is less secure. If teiid jdbc driver could provide the "hostNameInCertificate" lilke MS SQL jdbc driver did, then teiid will know which hostname to verify, this is more secure.
Thanks
Jack
-
5. Re: Does teiid jdbc client driver support using certificate whose cn name does not match with server hostname?
shawkins Jan 31, 2013 9:06 AM (in response to yjma2001)Jack,
Yes, validating the host name does make the connection more secure. However, this is a different issue than what I understood initially. You can reopen the issue and make it specific to validating in general, rather than just allowing for a certificate to be used with an non-matching host name.
Steve